US8762711B2 - Systems and methods for authenticating and protecting the integrity of data streams and other data - Google Patents
Systems and methods for authenticating and protecting the integrity of data streams and other data Download PDFInfo
- Publication number
- US8762711B2 US8762711B2 US13/018,274 US201113018274A US8762711B2 US 8762711 B2 US8762711 B2 US 8762711B2 US 201113018274 A US201113018274 A US 201113018274A US 8762711 B2 US8762711 B2 US 8762711B2
- Authority
- US
- United States
- Prior art keywords
- check value
- hash
- data
- error
- check
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related, expires
Links
- 238000000034 method Methods 0.000 title claims abstract description 107
- 230000005540 biological transmission Effects 0.000 claims description 17
- 230000003287 optical effect Effects 0.000 claims description 3
- 238000004891 communication Methods 0.000 abstract description 19
- 230000001419 dependent effect Effects 0.000 abstract 1
- 101150060512 SPATA6 gene Proteins 0.000 description 148
- 230000008569 process Effects 0.000 description 40
- 238000012795 verification Methods 0.000 description 34
- 238000012545 processing Methods 0.000 description 21
- 238000013459 approach Methods 0.000 description 8
- 238000001514 detection method Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 7
- 230000009471 action Effects 0.000 description 5
- 238000004590 computer program Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 5
- 238000011084 recovery Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 2
- 238000007796 conventional method Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 230000004888 barrier function Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 238000005242 forging Methods 0.000 description 1
- 239000012634 fragment Substances 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
- 210000000352 storage cell Anatomy 0.000 description 1
- 239000004557 technical material Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/30—Compression, e.g. Merkle-Damgard construction
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/603—Digital right managament [DRM]
Definitions
- the present invention relates generally to the communication and storage of electronic data. More specifically, the present invention relates to systems and methods for authenticating and protecting the integrity of electronic information using cryptographic techniques.
- One class of problems faced by those conducting transactions remotely via electronic communications networks such as the Internet is that of authenticating messages received from others and providing ways for others to authenticate one's own messages.
- a party to an electronic transaction will typically want assurance that the other parties are who they purport to be.
- a party will also want to prevent attackers from misappropriating its identity by, e.g., forging its signature or otherwise assuming its identity in interactions with others.
- a related problem is that of verifying the integrity of an electronic communication—that is, verifying that the content of the communication has not been modified—when, due to transmission errors, malicious tampering, or a variety of other factors, this may not be the case.
- a variety of authentication and validation schemes have been proposed, ranging from the use of passwords to the use of cryptographic signatures. In general, these schemes rely on the existence of a secret shared between the parties to a transaction. By demonstrating knowledge of the shared secret, the parties are able to authenticate themselves to one another.
- Many cryptographic signature schemes are based on public key cryptography. In public key cryptography, a party creates a signature by applying a strong cryptographic hash algorithm (e.g., SHA-1) to a plaintext message and encrypting the result with the party's private key. The signature message is often as big as the private key modulus, which is typically much larger than the output from the hash algorithm.
- SHA-1 strong cryptographic hash algorithm
- a recipient needs to obtain the full message, hash it, decrypt the signature using the signer's public key, and compare the decrypted signature with the hash of the message. If the computed hash is equal to the decrypted signature, then the message is deemed to be authentic.
- FIGS. 1A and 1B illustrate the conventional signature generation and detection process described above.
- a hashing algorithm 102 is applied to a plaintext message 100 to yield a hash or message digest 104 .
- a signature 105 is generated by encrypting message digest 104 using an encryption algorithm 106 and the sender's private key 108 .
- Signature 105 is then transmitted to the recipient along with a copy of message 100 .
- FIG. 1A shows message 100 being sent to the recipient in unencrypted form, message 100 could be sent in encrypted form instead, if it were desired to maintain the confidentiality of the message.
- the recipient of a message 100 ′ and a signature 105 ′ applies hash function 114 to message 100 ′ to yield message digest 116 .
- the recipient also decrypts signature 105 ′ using the sender's public key 118 to yield message digest 120 .
- Message digest 116 is then compared with message digest 120 . If the two message digests are equal, the recipient can be confident (within the security bounds of the signature scheme) that message 100 ′ is authentic, as any change an attacker made to message 100 ′ or signature 105 ′ would cause the comparison to fail.
- a problem with the approach shown in FIGS. 1A and 1B is that the recipient must receive the entire message 100 ′ before checking its authenticity. The recipient will thus need enough storage to hold the entire message, and must be willing to wait however long is needed to receive it. It is often impractical to meet these limitations. For example, audio, video, and multimedia files are often relatively large, and can thus take a long time to download. In addition, many consumer electronic devices for playing audio, video, or multimedia files have minimal storage and/or processing capacity. As a result, system designers will often wish to allow a consumer to begin using a file before it is completely downloaded, and/or without requiring the consumer's system to store or process the entire file at one time. Thus, for example, multimedia files comprised of multiple MPEG frames are typically designed to be processed on-the-fly by the consumer's device, each MPEG frame being processed while the next frame is received. This is commonly known as “streaming.”
- One way to adapt the traditional signature scheme described above for use with streaming applications is to break message 100 into subparts, and to sign each subpart separately.
- this approach has several drawbacks. For example, it can require a relatively large amount of processing power, since both the signature issuer and the signature verifier need to perform numerous relatively-costly public and/or private key operations.
- this approach is relatively costly in terms of bandwidth and/or storage requirements, as inserting a large number of cryptographic signatures into the stream can noticeably increase the stream's size.
- Yet another drawback of this approach is that it fragments the signed message into a set of unrelated, signed sub-messages.
- the present invention provides systems and methods for securely verifying and protecting the integrity of electronic data streams and other types of electronic data. It should be appreciated that the present invention can be implemented in numerous ways, including as a process, an apparatus, a system, a device, a method, or a computer readable medium such as a computer readable storage medium or a computer network wherein program instructions are sent over optical or electronic communication lines. Several inventive embodiments of the present invention are described below.
- a method for encoding a digital file in a manner designed to facilitate authentication of a streamed transmission of the file.
- a progression of check values is generated, each check value in the progression being derived from a hashed portion of the file and from at least one other check value in the progression.
- a file is encoded by inserting each check value into the file in proximity to the portion of the file to which it corresponds. The encoded file is then transmitted to a user's system where it can be authenticated on-the-fly using the check values.
- a computer program product for encoding data in a manner designed to facilitate authentication of a streamed data transmission.
- the computer program product preferably includes computer code for generating a progression of check values, each check value being derived, at least in part, from at least one other check value in the progression and from a hash of a portion of the data.
- Computer code is also provided for inserting each check value into the data in proximity to the portion of data to which it corresponds. Additional computer code is operable to send a streamed transmission of the encoded data to a user's system, where it is authenticated on-the-fly using the check values.
- the computer codes are contained on a computer readable medium such as a CD-ROM, DVD, MINIDISC, floppy disk, magnetic tape drive, flash memory chip, ROM, RAM, system memory, hard drive, optical storage, and/or a data signal embodied in a carrier wave.
- a computer readable medium such as a CD-ROM, DVD, MINIDISC, floppy disk, magnetic tape drive, flash memory chip, ROM, RAM, system memory, hard drive, optical storage, and/or a data signal embodied in a carrier wave.
- a computer program product for verifying the integrity of a block of data.
- the computer program product preferably includes computer code for receiving a first portion of the block of data, and for receiving first and second check values in a chain of check values, each check value in the chain being derived from a corresponding portion of the block of data and from at least one other check value in the chain.
- Computer code is provided for using the first check value to verify the integrity of the first portion of the block of data and of the second check value.
- Computer code is also provided for allowing use of the first portion of the block of data if its integrity is successfully verified.
- a system for performing fault-tolerant authentication of a stream of data includes a receiver for receiving sub-blocks of the stream, error-check values corresponding to the sub-blocks, and verification values in a chain of verification values associated with the stream, each verification value being derived from a sub-block of the stream and at least one other verification value in the chain.
- the system also includes error-detection logic operable to use the received error-check values to detect errors in corresponding sub-blocks of the stream. Error-handling logic is also provided, the error-handling logic being operable to record the detection of errors by the error-detection logic, and to block the receipt of additional sub-blocks if a predefined error condition is satisfied.
- the system also includes authentication logic, the authentication logic being operable to use the received verification values to verify the integrity of data sub-blocks, other verification values, and error-check values in the stream.
- a method for authenticating a block of data includes receiving a first sub-block of the block of data, a first error-check value, a first check value, and a second check value, wherein the first check value and the second check value form part of a progression of check values associated with the block of data, each check value in the progression being derived, at least in part, from a sub-block of the block of data and at least one other check value in the progression.
- the first error-check value is used to detect corruption of the first sub-block.
- the first check value and the first error-check value are used to verify the integrity of the second check value.
- a method for encoding a block of data in a manner designed to facilitate fault-tolerant authentication.
- a progression of check values is generated, each check value in the progression being derived from a portion of the block of data and from at least one other check value in the progression.
- the block of data is encoded by inserting the check values and error check values into the block in proximity to the portions of the block to which they correspond.
- the error-check values can be used to detect errors in the blocks of data, and, if errors are found, can be used to help authenticate the check values in the progression.
- the encoded block of data is transmitted to a user's system, the user's system being operable to receive and authenticate portions of the encoded block of data before the entire block is received.
- a method for encoding a digital file in a manner designed to facilitate secure quasi-random access to the file.
- a multi-level hierarchy of hash values is generated from the digital file, where the hash values on a first level of the hierarchy are at least partially derived from the hash values on a second level of the hierarchy.
- a root hash value is digitally signed, the root hash value being derived from each of the hash values in the hierarchy.
- the signed root hash value and at least a portion of the rest of the hierarchy are stored on a computer readable medium for use in verifying the integrity of the digital file.
- a method for securely accessing a data block includes selecting a portion of the data block and retrieving from storage a corresponding root verification value and one or more check values in a hierarchy of check values, wherein the hierarchy of check values is derived, at least in part, from an uncorrupted version of the data block.
- the root verification value is used to verify the integrity of the other check values.
- a calculated check value is obtained by hashing a first sub-block of the data block, the first sub-block including at least part of the selected portion of the data block.
- the calculated check value is compared with an appropriate one of the stored check values, and at least part of the selected portion of the data block is released for use if the calculated check value equals the stored check value.
- a system for providing secure access to a data file preferably includes a memory unit for storing a digital signature and a plurality of hash values related to the data file, the digital signature and the plurality of hash values forming a hierarchy.
- the system includes a processing unit, logic for decrypting the digital signature to obtain a root verification value, hash verification logic for using the root verification value to verify the integrity of one or more hash values in the hierarchy, and logic for selecting a portion of the data file for use.
- a hashing engine is provided for calculating a hash of a data sub-block, the data sub-block including at least part of a selected portion of the data file.
- a first comparator is used to compare the hash of the data sub-block with a verified hash value in the hierarchy. Control logic is operable to release the data sub-block for use if the calculated hash equals the previously-verified hash.
- FIGS. 1A and 1B illustrate a conventional digital signature verification technique.
- FIGS. 2A and 2B illustrate systems for practicing an embodiment of the present invention.
- FIG. 3 is a flow chart illustrating a data encoding process in accordance with an embodiment of the present invention.
- FIG. 4 is a block diagram illustrating the flow of data in an encoding process in accordance with an embodiment of the present invention.
- FIG. 5 is a flow chart illustrating an authentication process in accordance with an embodiment of the present invention.
- FIG. 6 is a block diagram illustrating the flow of data in an authentication process in accordance with an embodiment of the present invention.
- FIG. 7 is a flow chart illustrating an error recovery process in accordance with an embodiment of the present invention.
- FIG. 8 is a block diagram illustrating an error recovery process in accordance with an embodiment of the present invention.
- FIG. 9 is a flow chart of a method for processing a block of data in a manner designed to facilitate secure content navigation.
- FIGS. 10A , 10 B, and 10 C illustrate an encoding scheme designed to facilitate secure content navigation in accordance with an embodiment of the present invention.
- FIG. 11 is a flow chart of a method for accessing a content file in accordance with an embodiment of the present invention.
- FIG. 12 illustrates an authentication tree in accordance with one embodiment of the present invention.
- FIGS. 13A , 13 B, 13 C, and 13 D illustrate a memory management technique for use in conjunction with the secure content navigation methods of the present invention.
- FIG. 14 is a data flow diagram illustrating a method for verifying the integrity of the hash values in a tree of hash values in accordance with an embodiment of the present invention.
- FIGS. 15A and 15B are flow charts of methods for authenticating blocks of data in accordance with embodiments of the present invention.
- Systems and methods are disclosed for enabling the recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly, thus obviating the need to receive and store the entire communication before verifying its signature and releasing it to the end user.
- the systems and methods disclosed herein are believed to be as secure as conventional signature schemes which do not support on-the-fly signature verification.
- the efficiency of the disclosed systems and methods compares favorably with the efficiency of conventional techniques in terms of processing time and memory usage.
- the present invention advantageously provides systems and methods for reducing the bandwidth, storage, and/or processing requirements of secure communications systems.
- FIG. 2A illustrates a system for practicing an embodiment of the present invention.
- an encoding system 202 such as a general-purpose computer, is used to encode data and to transmit it to a recipient's system 204 (shown in FIG. 2B ), which could be another computer, a television set-top box, a portable audio or video player, or any other suitable system.
- encoding system 202 preferably includes:
- system 202 The operation of system 202 is controlled primarily by programs contained in system memory 218 and executed by the system's processing unit 216 . These programs preferably include modules for accepting input data and for processing the input data in accordance with the techniques described herein.
- system 202 preferably includes modules for generating hash values, digital signatures, and other metadata relating to the input data, and also preferably includes modules for storing and/or transmitting some or all of the metadata and input data.
- modules for generating hash values, digital signatures, and other metadata relating to the input data and also preferably includes modules for storing and/or transmitting some or all of the metadata and input data.
- modules for generating hash values, digital signatures, and other metadata relating to the input data and also preferably includes modules for storing and/or transmitting some or all of the metadata and input data.
- system 204 for decoding and authenticating data that have been encoded by a system such as system 202 .
- system 204 may consist of a personal computer system, a portable audio or video player, a television set-top box, a telephone, a personal digital assistant, or any other suitable device.
- Recipient's system 204 is operable to receive, decode, and authenticate data, and to release authenticated data for viewing, listening, execution (in the case of software), or other uses.
- Data can be delivered to system 204 in a variety of ways, including via network interface 275 .
- system 204 preferably includes:
- input verification logic 284 is used to verify the authenticity of streaming data 296 received from network 203 via network interface 275 , and/or to verify the authenticity of data contained in system memory 246 , on disk 280 , or on other storage media.
- Input verification logic 284 preferably includes signature verification logic 285 for unsigning signed data, and a hashing engine 286 for performing hashing operations.
- input verification logic 284 is implemented in firmware stored in ROM 250 and executed by processor 244 , one skilled in the art will appreciate that input verification logic 284 could alternatively be implemented using optional circuitry 270 , programs 272 stored in RAM 248 , or any other suitable combination of firmware, circuitry, and/or application programs.
- input verification logic 284 is implemented in a special protected processing environment (PPE) 288 , such as a chip or a tamper-resistant software module.
- PPE protected processing environment
- protected processing environment 288 preferably includes non-volatile memory 289 , volatile memory 290 , a processor 291 , a tamper-resistant barrier 293 , and a communications port 294 for communicating with other components of system 204 .
- Use of a protected processing environment can be advantageous, in that it provides an area that is protected from unauthorized observation or modification in which to store cryptographic keys and to perform cryptographic operations. Additional information on exemplary implementations of a protected processing environment can be found in Ginter, et.
- Encoding system 202 is operable to generate a chain or progression of verification values, each verification value in the chain being partially derived from the verification values that precede it.
- FIGS. 3 and 4 illustrate a technique for generating such a chain. The process shown in FIG. 3 is repeated for each sub-block P i of a data file ( 300 ), starting with the last sub-block of the file. As shown in FIG. 3 , a hash is calculated for each sub-block P i ( 302 ).
- a hashing algorithm such as SHA-1 is used; however, one of ordinary skill in the art will appreciate that any suitable hashing or combination function could be used, including the secure hashing functions described in B. Schneier, Applied Cryptography, 2d ed. (Wiley, 1996), pages 429-512 of which are hereby incorporated by reference.
- the hash of each sub-block is combined with the hash of the previous verification or check value in the chain ( 304 ), and the resulting check value, H(C i ), is saved for later use and/or transmission ( 306 ).
- H(C i ) is created by (a) concatenating the hash of P i with the previously-generated check value H(C i ⁇ 1 ), and (b) hashing the result; however, it will be appreciated that other combination techniques can be used instead without departing from the principles of the present invention.
- H(C i ) then becomes the “previous check value” for the next iteration ( 308 ), and the entire process ( 302 - 309 ) is repeated for the next sub-block.
- the last check/verification value (corresponding to the first sub-block in the file, P 1 ) is signed using a suitable signature or identification scheme ( 310 ), such as RSA, DSA, Diffie-Hellman encryption, an elliptic curve-based algorithm, or a suitable one of the techniques described in B. Schneier, Applied Cryptography 2d ed. at pages 483-512.
- a suitable signature or identification scheme such as RSA, DSA, Diffie-Hellman encryption, an elliptic curve-based algorithm, or a suitable one of the techniques described in B. Schneier, Applied Cryptography 2d ed. at pages 483-512.
- FIG. 4 is a data flow diagram of an illustrative implementation of the encoding process shown in FIG. 3 .
- a block of data 400 is shown that includes n sub-blocks (e.g., 402 , 410 , 418 , 425 , etc.).
- data block 400 is preferably loaded into system memory 218 of encoding device 202 .
- Data 400 may, for example, consist of an audio file compressed using the MP3 format, the WINDOWS® Media Audio format developed by Microsoft Corporation of Redmond, Wash., or any other suitable format.
- Data 400 may additionally (or alternatively) include video, textual, or multimedia information, a computer program or applet, or any other type of data or executable.
- data block 400 is processed from right to left (i.e., from the back of the data block to the front).
- the hash of the last sub-block. P n 402 is calculated.
- the result of this hashing operation, H(P n ) 404 is combined with a predefined pattern 406 , and the combination 407 is hashed to yield check value H(C n ) 408 .
- Pattern 406 may, for example, consist of a block the same size as H(P n ) 404 containing alternating 1's and 0's, a single repeating number, such as 0 or 10 hexadecimal (i.e., 0 ⁇ A), or any other suitable set of values.
- H(P n ) 404 and pattern 406 are simply concatenated; however, it will be appreciated that a more complex combination function could be used instead.
- combination block 405 can be effectively eliminated by feeding H(P n ) 404 and pattern 406 directly into the module or circuitry 409 that performs the hashing operation.
- the next sub-block, P n ⁇ 1 410 , of data block 400 is processed in a similar manner. Specifically, the hash of sub-block P n ⁇ 1 410 is calculated, and the result, H(P n ⁇ 1 ) 412 , is combined with H(C n ) 408 . The combination of H(P n ⁇ 1 ) 412 and H(C n ) 408 is hashed to yield H(C n ⁇ 1 ) 414 , which is used in the processing of the next sub-block, P n ⁇ 2 418 . As discussed previously, a separate combination step can be eliminated by simply feeding H(P n ⁇ 1 ) 412 and H(C n ) 408 directly into hashing module or circuitry 415 .
- encoding system 202 may include only one hash module, as opposed to a separate hash module or circuit for each sub-block (e.g., 408 , 415 , etc.), as shown in FIG. 4 to facilitate explanation.
- data flow through the hash module or circuit is controlled by system programs and/or clocking circuitry.
- encoding system 202 To transfer data block 400 to a recipient 204 , encoding system 202 first sends S(H(C 1 )) 424 , the sub-block to which S(H(C 1 )) 424 corresponds (i.e., P 1 425 ), and check value H(C 2 ) 421 . Encoding system 202 then continues to send successive sub-blocks, P i , and check values, H(C i+1 )—moving left to right in FIG. 4 —until the entire file has been transmitted. If it is desired to keep file 400 secret during transmission, the sub-blocks, P i , and optionally the check values, H(C i ), can be encrypted before they are sent; however, this is not necessary for purposes of practicing the present invention.
- FIG. 5 is a flow chart of a technique for decoding and authenticating data in accordance with an embodiment of the present invention.
- recipient 204 first obtains the signed check value, S(H(C 1 ))′, for the first sub-block of the file ( 502 ), and unsigns it using, e.g., the encoder's public key ( 504 ), which is preferably stored in recipient's ROM 250 / 289 or in another non-volatile memory store.
- the unsigned value, H(C 1 )′ can then be used to verify the authenticity of the next sub-block of data that is received ( 506 ).
- the “prime” notation used throughout the Detailed Description and Drawings denotes data that have undergone, e.g., a transmission or possible transformation that may have altered the data from their original form; for example, “P i ” represents an original sub-block, while “P i ′” represents that sub-block—or a sub-block purporting to be P i —after transmission to, e.g., recipient 204 ).
- the hash of the sub-block is calculated using the same hashing function used by encoding system 202 in block 302 of FIG. 3 ( 510 ).
- the hash of the sub-block is then combined with the next verification value that is received (i.e., H(C i+1 )), and the hash of the combination is computed ( 512 ).
- the technique used to form the combination in block 512 is the same or equivalent to the technique used by encoder 202 in block 304 of FIG. 3 .
- the calculated check value H(C i ′) is compared with the check value that was received, H(C i )′ ( 514 ), which in the case of the first sub-block, P 1 , is the unsigned value H(C 1 )′ obtained in block 504 .
- sub-block P i and check value H(C i+1 ) are deemed to be authentic, and the sub-block can be released for use ( 518 ).
- the check value is then updated ( 520 ), and the entire process ( 508 - 522 ) is repeated for the next sub-block and check value that are received.
- decoding system 204 is preferably operable to take appropriate defensive action 516 .
- decoding system 204 can terminate the connection with the source of the data, prevent the user from making further use of the data, display a warning or error message on display 262 , shut itself down, shut down the application that was receiving or using the file, or simply record the occurrence of this condition for later reporting or action.
- decoding system 204 could optionally continue playing or making use of the file even after an inequality was detected at block 514 , the file would no longer be authenticated with the security of the digital signature, thus making it possible for a clever attacker to mount an attack at relatively little cost compared with that of cracking the signature.
- FIG. 6 is a data flow diagram of an illustrative implementation of the process shown in FIG. 5 .
- a stream of data 600 is shown that could be received from, e.g., network interface 275 , input port 256 , or disk drive 258 .
- sub-blocks of data stream 600 are received (from left to right in FIG. 6 ) they are processed in the manner described in connection with FIG. 5 . If additional sub-blocks are received while other, previously-received sub-blocks are still being processed, buffer 259 can be used to temporarily store the incoming data until the decoding system is ready to process them.
- the first signed check value S(H(C 1 ))′ 602 when the first signed check value S(H(C 1 ))′ 602 is received, it is unsigned using, e.g., the encoder's public key 604 .
- the unsigned check value, H(C 1 )′ 605 is stored in system memory 246 / 290 for use in verifying the authenticity of the first sub-block, P 1 ′ 606 , contained in data stream 600 .
- sub-block P 1 ′ 606 is received, it is hashed using the same hashing function that the encoder used in block 302 of FIG. 3 .
- H(P 1 ′) 608 is combined with the next check value in the stream, i.e., H(C 2 )′ 610 , and the hash of this combination, H(C 1 ′) 612 , is calculated.
- the technique used to form combination 611 is the same or equivalent to the technique used in block 304 of FIG. 3 .
- comparison block 607 compares H(C 1 ′) 612 with check value H(C 1 )′ 605 . If these two values are equal, then the decoding system can be satisfied that P 1 ′ 606 and H(C 2 )′ 610 are authentic (i.e., that they are equal to P 1 425 and H(C 2 ) 421 , respectively, from encoding system 202 ). Decoding system 204 then releases content P 1 ′ 606 for use by the system, saves H(C 2 )′ 610 for later use in authenticating the next block of data, P 2 ′ 616 , and continues the process of receiving and authenticating successive blocks in stream 600 . If, on the other hand, comparison 607 fails, decoding system 204 can terminate further receipt of data stream 600 and/or take other defensive action.
- the next sub-block, P 2 ′ 616 , of stream 600 is processed in a substantially similar manner. Specifically, the hash of sub-block P 2 ′ 616 is calculated, and the result, H(P 2 ′) 618 , is combined with H(C 3 )′ 620 . The combination of H(P 2 ′) 618 and H(C 3 )′ 620 is hashed to yield H(C 2 ′) 622 . H(C 2 ′) 622 is compared with H(C 2 )′ 610 , which was authenticated in connection with the authentication of P 1 ′ 606 , as described in the preceding paragraph. If the comparison indicates that the two values are equal, then P 2 ′ 616 and H(C 3 )′ 620 are deemed to be authentic; otherwise, appropriate defensive measures are taken.
- the check values, H(C i ), and the hashed sub-blocks, H(P i ), are effectively interlocked, forming a chain or progression whose root is signed to yield signature 424 .
- Signature 424 is thus partially derived from each of the check values (or links) and sub-blocks of the file 400 . Because the authenticity determination for each sub-block thus depends, at least in part, on the signature value, this scheme is believed to be as secure as the conventional technique described previously in connection with FIGS. 1A and 1B . Yet unlike the conventional scheme, it is able to preserve the unity of the signed document and does not require that the entire document be received or stored in memory before its authenticity can be verified.
- FIGS. 3-6 introduces some processing and space overhead, it is preferable to the alternative of signing each sub-block separately, since there is only one public key operation, the hash operations are relatively cheap, and the size of each hash is typically much smaller than the size of a full cryptographic signature (e.g., by a factor of 10). It will be appreciated that the methods and structures set forth in FIGS. 3-6 illustrate one embodiment of the present invention, and that modifications can be made to these methods and structures without departing from the principles of the present invention.
- burst errors can occur in a network communication due to electromagnetic interference, faulty connections, and/or lost or delayed packets of data.
- data stored on, and retrieved from, computer readable media can suffer from bit errors due to defective storage cells or read/write errors, and these errors can cause data to be lost or misinterpreted.
- restarting reception effectively eviscerates one of the primary benefits of streaming delivery—i.e., the ability to use data as it is being delivered, instead of having to wait until an entire file is received.
- restarting reception effectively eviscerates one of the primary benefits of streaming delivery—i.e., the ability to use data as it is being delivered, instead of having to wait until an entire file is received.
- the present invention solves the problem described above while requiring only a small amount of additional data to be inserted into the transmitted data stream, as shown in FIGS. 7 and 8 .
- the hash, H(P i ), of each sub-block, P i is also packaged in the transmitted data stream. This can be done, for example, between blocks 302 and 304 of the flow chart shown in FIG. 3 .
- the additional hash values allow detection of bit errors in P i (and/or H(P i )) prior to, and/or independent of, the detection of such errors by the authentication process described in connection with FIGS. 5 and 6 . In this way, if part of the content stream is corrupted, a correction can be made that enables the verification of the rest of the stream to continue.
- FIG. 7 is a flow chart of an illustrative embodiment of such an error-recovery process.
- the process described in FIG. 7 can be inserted between blocks 510 and 512 of the authentication process shown in FIG. 5 .
- the decoding system receives a sub-block, P i ′, and its corresponding hash, H(P i )′
- the decoding system computes the hash of P i ′ as previously described in connection with FIG. 5 (i.e., block 510 ).
- the computed hash, H(P i ′) is then compared with the hash, H(P i )′, that was inserted into the data stream.
- the signature verification scheme proceeds with the process shown in FIGS. 5 and 6 . However, if the comparison fails (i.e., a “no” exit from block 706 ), this provides evidence that sub-block P i has been corrupted. When this occurs, the decoding system is operable to use the included hash H(P i )′ in place of the computed hash H(P i ′) in the subsequent authentication process ( 712 ), thus enabling the authentication to succeed (provided, of course, that the included hash H(P i )′ has not been corrupted, too).
- the detection of errors at block 706 is recorded, so that the decoding system can detect unduly high levels of such errors and take appropriate defensive action.
- the system might simply sum the detected errors ( 708 ) and compare the running total with a threshold or a threshold percentage ( 710 ).
- the pattern of detected errors between blocks can be recorded and analyzed, so that suspicious patterns can be detected (e.g., errors in more than a predefined number of consecutive blocks, errors at the same position in comparable groups of blocks, etc.), even though the gross amount or percentage of errors may not exceed a given threshold. It should be appreciated, however, that any suitable error response could be used without departing from the principles of the present invention.
- FIG. 8 is an illustration of how the data flow diagram shown in FIG. 6 could be modified to incorporate the error-recovery process described above.
- the primary modifications are the addition of hash blocks 802 in the data stream, the addition of comparison blocks 804 , and the addition of appropriate logic 806 to handle the output of the comparison blocks.
- the output of comparator 804 could be used to select the appropriate one of H(P i ′) and H(P i )′ using a multiplexer 806 .
- H(P i )′ 802 additional fault tolerance is provided by accounting for errors that may occur in the included hash.
- Errors in H(P i )′ can lead to inappropriate rejection of the content, since if H(P i ′) 803 is replaced by a corrupted H(P i )′ 802 —i.e., a “no” output from comparison 706 —comparison 808 can be expected to fail even if block P i ′ has not been corrupted.
- blocks 810 and 812 are executed again using the computed hash H(P i ′) 803 instead of the included hash H(P i )′ 802 . If comparison 808 then succeeds, the recipient can be confident that data P i ′ is authentic. Thus, this embodiment prevents errors in the included hash from causing incorrect invalidity assessments to be made about P i ′.
- the mechanism described above provides fault tolerance while avoiding serious compromise to the security offered by the authentication process. This would not be the case, for example, if a certain number of failed comparisons 514 were allowed in the process shown in FIG. 5 , since any such failed comparison would break the connection between the remaining portion of the hash chain and the signature of the root—the chain's dependence on the signature (and vice-versa) being responsible for the bulk of the security offered by this scheme.
- Another problem facing signature-based authentication schemes is that of providing some degree of random access to the signed data in a manner that does not compromise the ability to detect unauthentic data. For example, a user may wish to access a track in the middle of a CD or database without having to listen to each of the preceding tracks and/or without having to wait for each track to be authenticated. However, if the root signature is at the beginning of the CD or database, allowing access to a track in the middle, without first verifying the authenticity of each intervening block of data and each block's corresponding check value, would break the chain of trust connecting the intermediate track to the root signature.
- secure content navigation and quasi-random access are enabled by constructing a tree of hash values, the tree deriving its security in substantially the same manner as the hash chain described above in connection with FIGS. 3-8 .
- the tree enables efficient authentication of the content contained at an arbitrary, user-selected location within a content file, and enables decoding/playing device 204 to efficiently and dynamically authenticate successive blocks of content starting from the selected location. The construction and use of such a tree is described below in connection with FIGS. 9-15 .
- FIG. 9 is a flow chart illustrating a process for encoding data in a manner designed to facilitate efficient and secure content navigation.
- the content provider preprocesses a predefined portion of content (e.g., a file or a track) by dividing it (logically or physically) into segments P i ( 910 ), similar to the manner in which content was divided into sub-blocks in FIG. 4 .
- the hash H(P i ) of each of these segments is computed ( 912 ), groups of these hashes are combined ( 914 ), and the hash, H(G m,i ), of each of the new groups is calculated ( 916 ) (where the subscript “m” denotes the mth level of the hash tree, and the subscript “i” denotes the ith group-hash of that level). As shown in FIG. 9 , this process is repeated until a single group hash, H(G 1,1 ), is obtained for the entire file ( 918 - 924 ). The final group hash is then signed ( 926 ), and the signature and a predefined portion of the previously-calculated hash values are stored for later use in verifying the integrity of the content to which they correspond ( 928 ).
- FIGS. 10A and 10B further illustrate the process described above.
- a content file 1005 e.g., a document, movie, audio track, etc.
- segments 1010 are of equal size; however, it will be appreciated that segments of different sizes could also be used.
- the hash of each segment 1010 is taken, yielding a plurality of hash values, H(P i ) 1012 .
- Hash values 1012 are partitioned into groups 1014 (again, either logically or physically), and the hash of each such group, H(G n ⁇ 1,i ) 1016 , is computed.
- groups of four hashes 1012 are concatenated; however, it will be appreciated that any suitable predefined number of hashes could be combined in any suitable manner without departing from the principles of the present invention.
- a symmetric tree structure is shown in FIGS. 10A and 10B , one of ordinary skill in the art will appreciate that any suitable data structure could be used, including without limitation a b-tree, a binary tree, a t-ary tree, an asymmetric tree, or a tree with a non-uniform branching factor.
- the process of combining groups of hashes and hashing the result is repeated for each level of hashes 1024 , and concludes once a final top-level group hash, H(G 1,1 ) 1020 , is obtained for the entire file 1005 .
- Signature 1022 is formed by signing final group hash 1020 .
- FIG. 10C a tree 1026 of hash or check values is generated, culminating in a signed check value 1022 for the entire file 1005 or the relevant portion thereof.
- tree 1026 may be stored in, e.g., memory 218 of encoding system 202 , and/or transmitted to a user's system 204 via, e.g., network 203 , disc 280 , or I/O port 212 for use and/or storage along with the content file 1005 to which it corresponds.
- a user's system 204 via, e.g., network 203 , disc 280 , or I/O port 212 for use and/or storage along with the content file 1005 to which it corresponds.
- the tree structure of the present invention is readily scalable.
- separate trees can be provided for different subparts of a file (e.g., separate tracks on an audio CD), or a single tree can be provided for the entire file.
- FIG. 11 is a flowchart illustrating a method by which a user can access content that has been processed in the manner described above.
- the user first obtains the content file and its corresponding signature and hash tree ( 1102 ).
- the user's system 204 may receive these data from network 203 or a disc 280 inserted into disc drive 258 .
- the relevant portion of the hash tree is loaded into memory 246 and/or secure memory 290 , and the integrity of the loaded hash values are verified ( 1108 ).
- input verification engine 284 loads only those groups of hash values in the tree that are needed to verify the authenticity of the first block of the requested portion of content; however, it will be appreciated that any suitable portion of the tree could be loaded in any suitable manner without departing from the principles of the present invention. For example, in one embodiment only the top two levels of hash values (i.e., levels 1 and 2 in FIG. 10C ) are retained in memory with the content file and loaded into secure memory when access to a portion of the content file is requested. And in another embodiment, the entire hash tree is loaded into memory 290 and authenticated.
- the verification failure handler may, for example, simply display an error message to the user and terminate further access to the content. Or, in another embodiment, the verification error handler may re-compute the hash value(s) that failed to verify, using the appropriate portion of the stored content file. The recomputed hash values can then be combined, hashed, and compared with the original signature. Such an approach can be useful if the hash values, but not the content or the signature, have been corrupted. In other embodiments, other error handling techniques are used.
- FIGS. 12 and 13 illustrate one preferred implementation of the authentication technique described in connection with FIG. 11 .
- a hash tree 1200 is shown that corresponds to content file 1202 , the content file being comprised of a plurality of blocks 1204 .
- Hash tree 1200 could, for example, be constructed in the manner described above in connection with FIGS. 9 and 10 .
- decoding system 204 preferably loads the relevant branches of tree 1200 into a memory such as RAM 290 of PPE 288 . For example, if the user wishes to access content block 1204 c , then, as shown in FIG. 12 , root 1210 , the four level-2 hashes 1212 , four of the level-3 hashes 1214 , and four of the level-4 hashes 1216 are loaded into memory 290 and authenticated.
- FIGS. 13A , 13 B, 13 C, and 13 D provide a more detailed illustration of a preferred technique for loading relevant portions of tree 1200 into memory and for authenticating those tree portions along with the content to which they correspond.
- hash values from tree 1200 are stored in memory 290 in a stack data structure 1302 .
- FIGS. 13A-13D illustrate the state of stack 1302 at various points during the authentication of a piece of content.
- FIG. 13A if a user requests access to block 1204 a of FIG. 12 , the corresponding hash groups 1210 , 1212 , 1213 , 1215 of tree 1200 are pushed onto stack 1302 .
- hashes 1212 can be authenticated by hashing their combination and comparing that value with unsigned root hash 1210 .
- hashes 1213 are authenticated by hashing their combination and comparing that value with the appropriate previously-loaded hash value (i.e., hash 1220 ), and hashes 1215 are authenticated in a similar manner using hash 1218 .
- the requested portion of content 1204 a is authenticated by computing its hash and comparing that value with hash 1222 .
- successive portions of content are accessed (e.g., 1204 b , etc.), their hashes are computed and compared with the corresponding authenticated hash values on the stack.
- FIGS. 13B , 13 C, and 13 D when additional portions of tree 1200 are needed, they can be loaded onto stack 1302 and authenticated, and previously-loaded portions of tree 1200 that are no longer needed can be removed from the stack.
- FIG. 13B when decoding device 204 wishes to access block P1.2.1, hashes 1316 are loaded onto stack 1302 and authenticated against previously-authenticated hash value 1324 .
- content blocks are loaded into, e.g., RAM 248 or RAM 290 of the user's system 204 prior to authentication, and after authentication the blocks are released for use directly therefrom.
- This procedure helps prevent an attacker from substituting unauthentic content for content that has been authenticated, e.g., by overwriting the authenticated content in insecure memory.
- the integrity of content is verified (or re-verified) each time it is retrieved from insecure memory for use.
- the approach illustrated in FIGS. 12 and 13 can thus provide an efficient balance between the memory and processing requirements of the authentication scheme.
- the amount of memory used by this embodiment is about four hashes for each level of the tree (except for the root).
- an eight-level hash tree with a branching factor of four could be used to authenticate the content of a DVD containing 7.5 gigabytes of data, the data being divided into 15,000 blocks of 500 kilobytes each.
- the root hash and four hash values from each of the other seven levels of the tree would be loaded onto the stack.
- hash function that yields 20-byte hashes (e.g., SHA-1)
- it would only be necessary to have stack storage for 7*4*20+20 580 bytes of hash data (possibly plus a small amount of additional indexing metadata).
- real-time processing requirements can be reduced by pre-authenticating successive portions of the tree in a pipelined fashion.
- the hash values 1328 needed to authenticate the next group of data blocks (and/or the data blocks themselves) can be pre-loaded and authenticated before access to those data blocks is actually needed.
- selected hash values and the signature can be loaded into memory when a user's system 204 is turned on, or when a specific application is initiated.
- the portable device when a portable device is turned on, and/or when a CD is inserted into the portable device, the portable device automatically loads and verifies the hash values and the signature(s) that correspond to the content that is deemed most likely to be requested next (e.g., the first track of the CD, the content at the location that was accessed most recently, etc.).
- well-known caching techniques can be used to load and authenticate the hash values and/or tree(s) deemed most likely to be used next.
- FIGS. 12 and 13 illustrate an embodiment in which only those hash groups needed to authenticate a given content block are loaded into secure memory and authenticated
- FIGS. 12 and 13 illustrate an embodiment in which only those hash groups needed to authenticate a given content block are loaded into secure memory and authenticated
- FIGS. 12 and 13 illustrate an embodiment in which only those hash groups needed to authenticate a given content block are loaded into secure memory and authenticated
- FIGS. 12 and 13 illustrate an embodiment in which only those hash groups needed to authenticate a given content block are loaded into secure memory and authenticated
- FIGS. 12 and 13 illustrate an embodiment in which only those hash groups needed to authenticate a given content block are loaded into secure memory and authenticated
- FIGS. 12 and 13 illustrate an embodiment in which only those hash groups needed to authenticate a given content block are loaded into secure memory and authenticated
- the entire hash tree is pre-loaded and authenticated.
- the process shown in FIG. 11 is modified by moving blocks 1108 and 1110 so that they fall between blocks 1104 and 1106 (
- This technique may be useful in applications where system memory is not a limiting factor, and/or in embodiments where a content file (e.g., a CD or DVD) is mapped onto a plurality of relatively small, authentication trees (e.g., one per track).
- a content file e.g., a CD or DVD
- authentication trees e.g., one per track
- FIG. 14 illustrates a process for authenticating the hash values of a tree in an embodiment in which the entire tree is loaded into memory prior to content access.
- level-one root hash 1404 is obtained by unsigning signature 1402
- calculated root hash 1406 is obtained by combining and hashing the level-two hashes 1408 .
- Calculated hash 1406 is then compared with unsigned root hash 1404 , and an error handler 1405 is called if the comparison is unsuccessful. If the comparison is successful, then the stored level-two hashes 1408 are deemed to be authentic.
- each group of level-three hashes 1412 is hashed to yield a calculated level-two hash 1410 .
- Each calculated level-two hash 1410 is compared with its corresponding, stored level-two hash 1408 . If any such comparison fails, then the appropriate error handler is called; otherwise, the stored level-three hashes 1412 are deemed to be authentic. As shown in FIG. 14 , the verification process continues in this manner until each level of stored hashes has been authenticated.
- the upper layers of the hash tree can be removed from secure memory 290 , thereby advantageously conserving space, which in many applications is of limited supply.
- the hash values 1012 at the lowest level (i.e., the nth level) of the tree are maintained in secure memory. Since the lower hash values derive their security from having been checked against the root signature (or values derived therefrom), compromise to security is avoided as long as the lower hash values are maintained in secure memory after they have been authenticated.
- the entire tree preferably remains stored in non-volatile memory 251 , ROM 250 , and/or disc 280 , some or all of the tree is available to be reloaded into secure memory 290 and re-authenticated if the need arises.
- FIG. 15A illustrates the authentication process for an embodiment such as that shown in FIGS. 12 and 13 in which the hashes from the lowest level of the tree (i.e., the nth level) are stored in secure memory 290 .
- a block of content is authenticated by computing its hash ( 1502 ), and comparing it with the corresponding hash stored in memory ( 1504 ). If the computed hash is equal to the stored (and previously authenticated) hash, then the content is deemed to be authentic; otherwise, appropriate defensive measures are taken ( 1505 ).
- any suitable defensive measure(s) could be used.
- further access to the content (or at least the unauthentic block) is denied.
- an error handling routine could be called ( 1505 ) to determine (e.g., based on the frequency, number, or pattern of errors) whether to permit access to the block despite its failure to authenticate, or whether to prevent or terminate access to the block instead. For example, if the block size is small enough that allowing a certain level of unauthentic content to be used would not unduly compromise the interests being protected by the authentication scheme, then allowing use to proceed despite the detection of some errors may be desirable.
- FIG. 15B illustrates the process of authenticating a block of content in an embodiment in which the lowest level of the hash tree that is stored in memory 290 is the next-to-last level (i.e., the (n ⁇ 1)st level).
- the next-to-last level i.e., the (n ⁇ 1)st level.
- this process is quite similar to the process shown in FIG. 14 for verifying the integrity of a hash tree.
- FIG. 15B when access to a particular piece of content is requested, a content segment that includes the beginning of the requested piece is first loaded and partitioned (logically or physically) into blocks ( 1510 ).
- the hash of each such block is computed ( 1512 ), the hashes are combined ( 1514 ), and the hash of the combination is computed ( 1516 ). The result is compared with the appropriate (n ⁇ 1)st level hash stored in memory ( 1518 ). If the computed hash is equal to the stored hash, then the content is deemed to be authentic; otherwise, appropriate defensive measures are taken ( 1519 ).
- a different level e.g., the (n ⁇ 2)nd level, etc.
- the granularity of the random-access verification scheme is effectively determined by the level of the hash values that are stored in memory. For example, if, as in FIG. 15A , hashes from the lowest level of the tree are authenticated and stored in memory, then content can be authenticated directly on a block-by-block basis. If, on the other hand, the next-to-lowest level of hashes are stored in memory—as in FIG. 15 B—then content is authenticated four blocks at a time (i.e., by an amount of blocks equal to the branching factor used in the tree). In a limiting case, where only the root signature of the tree is stored in memory, the authentication granularity would be the size of the file itself.
- the granularity of the authentication scheme need not limit the granularity of the actual access that is allowed.
- the authentication granularity simply relates to the amount of computation that is performed by the authentication scheme before content is released.
- a portable device may allow the user to jump to an arbitrary point within a content file, irrespective of the granularity of the authentication scheme; however, the granularity of the authentication scheme would dictate the amount of computation needed to authenticate the content before it was released.
- the amount of computational resources there will typically be some tradeoff between the amount of computational resources and the amount of memory required by the authentication scheme.
- the memory requirements are relatively low (e.g., the size of a signature or hash), while the dynamic computation requirements are relatively high, as the entire hash tree must be computed dynamically before any given piece of content is released.
- dynamic computation requirements are minimized by storing hashes from the lowest level of the tree in secure memory, thus allowing any given content block to be authenticated simply by computing a hash and performing a comparison. Since the hash values are typically small in comparison with the size of the content blocks from which they are derived, the space consumed by the tree will usually be relatively small.
- the amount of dynamic memory needed to store the relevant hash values would only be about 420 bytes if the approach shown in FIGS. 12 and 13 were used, or 20 kilobytes if the approach described in connection with FIG. 14 were used (assuming a uniform branching factor of four). It will be appreciated, however, that for purposes of practicing the present invention other suitable balances between memory and processing requirements could be struck.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
Description
-
- a
processing unit 216; -
system memory 218, preferably including both high speed random access memory (RAM) and non-volatile memory, such as read only memory (ROM), erasable or alterable non-volatile memory (e.g., flash memory), and/or a hard disk, for storing system control programs, data, cryptographic keys, application programs, and the like; - one or more input/output devices, including, for example:
-
network interface 210 for communicating with other systems via anetwork 203 such as the Internet; - I/
O port 212 for connecting to, e.g., a portable device, another computer, or other peripheral devices; and - one or
more disk drives 214 for reading from, and/or writing to, e.g., diskettes, compact discs, DVDs, SONY® MINIDISC™ audio discs, produced by Sony Corporation of Tokyo, Japan and New York, N.Y., and/or other computer readable media;
-
- a
user interface 226, including adisplay 228 and one or more input devices, such askeyboard 206 andmouse 208; and - one or more
internal buses 240 for interconnecting the aforementioned elements of the system.
- a
-
- a
processing unit 244; -
system memory 246, preferably including a combination ofRAM 248,ROM 250, and non-volatile memory 251 (such as flash memory or a magnetic disk) for storing system control programs, data, and application programs, including programs such asinput verification logic 284 for performing the techniques described herein; - one or more input/output devices, including, for example:
-
network interface 275 for communicating with other systems vianetwork 203; - I/
O port 256 for connecting to, e.g., a portable device or another computer; - one or
more disk drives 258 for reading data and/or programs from, e.g., diskettes, compact discs, DVDs, and/or MINIDISC™ audio discs; and/or - a
speaker system 273;
-
- a
user interface 260, including adisplay 262 and one more input devices such ascontrol panel 264; and - one or more
internal buses 274 for interconnecting the aforementioned elements of the system.
- a
Claims (9)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/018,274 US8762711B2 (en) | 1999-06-08 | 2011-01-31 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US14/304,422 US9401896B2 (en) | 1999-12-14 | 2014-06-13 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US15/188,737 US10025953B2 (en) | 1999-12-14 | 2016-06-21 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US16/010,004 US20190042794A1 (en) | 1999-12-14 | 2018-06-15 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13817199P | 1999-06-08 | 1999-06-08 | |
US17082899P | 1999-12-14 | 1999-12-14 | |
US09/543,750 US6959384B1 (en) | 1999-12-14 | 2000-04-05 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US11/112,520 US7340602B2 (en) | 1999-06-08 | 2005-04-22 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US12/038,664 US7882351B2 (en) | 1999-06-08 | 2008-02-27 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US13/018,274 US8762711B2 (en) | 1999-06-08 | 2011-01-31 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/038,664 Continuation US7882351B2 (en) | 1999-06-08 | 2008-02-27 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/304,422 Continuation US9401896B2 (en) | 1999-12-14 | 2014-06-13 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
Publications (2)
Publication Number | Publication Date |
---|---|
US20110126084A1 US20110126084A1 (en) | 2011-05-26 |
US8762711B2 true US8762711B2 (en) | 2014-06-24 |
Family
ID=35115411
Family Applications (7)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/543,750 Expired - Lifetime US6959384B1 (en) | 1999-06-08 | 2000-04-05 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US11/112,520 Expired - Lifetime US7340602B2 (en) | 1999-06-08 | 2005-04-22 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US12/038,664 Expired - Fee Related US7882351B2 (en) | 1999-06-08 | 2008-02-27 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US13/018,274 Expired - Fee Related US8762711B2 (en) | 1999-06-08 | 2011-01-31 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US14/304,422 Expired - Fee Related US9401896B2 (en) | 1999-12-14 | 2014-06-13 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US15/188,737 Expired - Fee Related US10025953B2 (en) | 1999-12-14 | 2016-06-21 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US16/010,004 Abandoned US20190042794A1 (en) | 1999-12-14 | 2018-06-15 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
Family Applications Before (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/543,750 Expired - Lifetime US6959384B1 (en) | 1999-06-08 | 2000-04-05 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US11/112,520 Expired - Lifetime US7340602B2 (en) | 1999-06-08 | 2005-04-22 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US12/038,664 Expired - Fee Related US7882351B2 (en) | 1999-06-08 | 2008-02-27 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
Family Applications After (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/304,422 Expired - Fee Related US9401896B2 (en) | 1999-12-14 | 2014-06-13 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US15/188,737 Expired - Fee Related US10025953B2 (en) | 1999-12-14 | 2016-06-21 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US16/010,004 Abandoned US20190042794A1 (en) | 1999-12-14 | 2018-06-15 | Systems and methods for authenticating and protecting the integrity of data streams and other data |
Country Status (1)
Country | Link |
---|---|
US (7) | US6959384B1 (en) |
Families Citing this family (249)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6658568B1 (en) | 1995-02-13 | 2003-12-02 | Intertrust Technologies Corporation | Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management |
US5943422A (en) | 1996-08-12 | 1999-08-24 | Intertrust Technologies Corp. | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
CN1312549C (en) | 1995-02-13 | 2007-04-25 | 英特特拉斯特技术公司 | Systems and methods for secure transaction management and electronic rights protection |
US7133846B1 (en) | 1995-02-13 | 2006-11-07 | Intertrust Technologies Corp. | Digital certificate support system, methods and techniques for secure electronic commerce transaction and rights management |
US6157721A (en) | 1996-08-12 | 2000-12-05 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
US7165174B1 (en) * | 1995-02-13 | 2007-01-16 | Intertrust Technologies Corp. | Trusted infrastructure support systems, methods and techniques for secure electronic commerce transaction and rights management |
US6948070B1 (en) | 1995-02-13 | 2005-09-20 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US5892900A (en) | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US7809138B2 (en) * | 1999-03-16 | 2010-10-05 | Intertrust Technologies Corporation | Methods and apparatus for persistent control and protection of content |
US8380041B2 (en) * | 1998-07-30 | 2013-02-19 | Tivo Inc. | Transportable digital video recorder system |
US6959384B1 (en) | 1999-12-14 | 2005-10-25 | Intertrust Technologies Corporation | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US7430670B1 (en) * | 1999-07-29 | 2008-09-30 | Intertrust Technologies Corp. | Software self-defense systems and methods |
KR100782230B1 (en) * | 1999-08-04 | 2007-12-05 | 나그라비젼 에스에이 | Method for guaranteeing the integrity and authenticity of a set of data |
DE19961838A1 (en) * | 1999-12-21 | 2001-07-05 | Scm Microsystems Gmbh | Method and device for checking a file |
US7302467B2 (en) * | 2000-08-07 | 2007-11-27 | Sony Corporation | Information processing device and information processing method, service providing system, and computer-executable program for the same |
JP4093723B2 (en) * | 2001-01-24 | 2008-06-04 | ケープレックス・インク | Electronic signature method and apparatus for structured document |
US9520993B2 (en) * | 2001-01-26 | 2016-12-13 | International Business Machines Corporation | Renewable traitor tracing |
US8121296B2 (en) | 2001-03-28 | 2012-02-21 | Qualcomm Incorporated | Method and apparatus for security in a data processing system |
US8077679B2 (en) | 2001-03-28 | 2011-12-13 | Qualcomm Incorporated | Method and apparatus for providing protocol options in a wireless communication system |
US9100457B2 (en) | 2001-03-28 | 2015-08-04 | Qualcomm Incorporated | Method and apparatus for transmission framing in a wireless communication system |
KR100593491B1 (en) * | 2001-07-17 | 2006-06-30 | 샤프 가부시키가이샤 | Apparatus and method for generating data for detecting false alteration of encrypted data during processing |
US20070277037A1 (en) * | 2001-09-06 | 2007-11-29 | Randy Langer | Software component authentication via encrypted embedded self-signatures |
US7210134B1 (en) | 2001-09-06 | 2007-04-24 | Sonic Solutions | Deterring reverse-engineering of software systems by randomizing the siting of stack-based data |
US20060075507A1 (en) * | 2001-09-06 | 2006-04-06 | Sonic Solutions | Secure protocols for use with microsoft directshow filters |
US7352868B2 (en) | 2001-10-09 | 2008-04-01 | Philip Hawkes | Method and apparatus for security in a data processing system |
US7649829B2 (en) * | 2001-10-12 | 2010-01-19 | Qualcomm Incorporated | Method and system for reduction of decoding complexity in a communication system |
US20030084298A1 (en) * | 2001-10-25 | 2003-05-01 | Messerges Thomas S. | Method for efficient hashing of digital content |
US7260555B2 (en) | 2001-12-12 | 2007-08-21 | Guardian Data Storage, Llc | Method and architecture for providing pervasive security to digital assets |
US7930756B1 (en) | 2001-12-12 | 2011-04-19 | Crocker Steven Toye | Multi-level cryptographic transformations for securing digital assets |
US7380120B1 (en) | 2001-12-12 | 2008-05-27 | Guardian Data Storage, Llc | Secured data format for access control |
US10360545B2 (en) | 2001-12-12 | 2019-07-23 | Guardian Data Storage, Llc | Method and apparatus for accessing secured electronic data off-line |
US7921284B1 (en) | 2001-12-12 | 2011-04-05 | Gary Mark Kinghorn | Method and system for protecting electronic data in enterprise environment |
US8065713B1 (en) | 2001-12-12 | 2011-11-22 | Klimenty Vainstein | System and method for providing multi-location access management to secured items |
USRE41546E1 (en) | 2001-12-12 | 2010-08-17 | Klimenty Vainstein | Method and system for managing security tiers |
US7921288B1 (en) | 2001-12-12 | 2011-04-05 | Hildebrand Hal S | System and method for providing different levels of key security for controlling access to secured items |
US7783765B2 (en) | 2001-12-12 | 2010-08-24 | Hildebrand Hal S | System and method for providing distributed access control to secured documents |
US7921450B1 (en) | 2001-12-12 | 2011-04-05 | Klimenty Vainstein | Security system using indirect key generation from access rules and methods therefor |
US10033700B2 (en) | 2001-12-12 | 2018-07-24 | Intellectual Ventures I Llc | Dynamic evaluation of access rights |
US7178033B1 (en) | 2001-12-12 | 2007-02-13 | Pss Systems, Inc. | Method and apparatus for securing digital assets |
US7681034B1 (en) | 2001-12-12 | 2010-03-16 | Chang-Ping Lee | Method and apparatus for securing electronic data |
US8006280B1 (en) | 2001-12-12 | 2011-08-23 | Hildebrand Hal S | Security system for generating keys from access rules in a decentralized manner and methods therefor |
US7565683B1 (en) | 2001-12-12 | 2009-07-21 | Weiqing Huang | Method and system for implementing changes to security policies in a distributed security system |
US7950066B1 (en) | 2001-12-21 | 2011-05-24 | Guardian Data Storage, Llc | Method and system for restricting use of a clipboard application |
JP2003224556A (en) * | 2002-01-28 | 2003-08-08 | Toshiba Corp | Communication equipment and communication control method |
US8176334B2 (en) | 2002-09-30 | 2012-05-08 | Guardian Data Storage, Llc | Document security system that permits external users to gain access to secured files |
EP1343286A1 (en) * | 2002-03-04 | 2003-09-10 | BRITISH TELECOMMUNICATIONS public limited company | Lightweight authentication of information |
US7748045B2 (en) | 2004-03-30 | 2010-06-29 | Michael Frederick Kenrich | Method and system for providing cryptographic document retention with off-line access |
US7533412B2 (en) * | 2002-04-23 | 2009-05-12 | Stmicroelectronics S.A. | Processor secured against traps |
US8301884B2 (en) * | 2002-09-16 | 2012-10-30 | Samsung Electronics Co., Ltd. | Method of managing metadata |
US7836310B1 (en) | 2002-11-01 | 2010-11-16 | Yevgeniy Gutnik | Security system that uses indirect password-based encryption |
US8140824B2 (en) * | 2002-11-21 | 2012-03-20 | International Business Machines Corporation | Secure code authentication |
US6928526B1 (en) * | 2002-12-20 | 2005-08-09 | Datadomain, Inc. | Efficient data storage system |
US7599655B2 (en) | 2003-01-02 | 2009-10-06 | Qualcomm Incorporated | Method and apparatus for broadcast services in a communication system |
GB2400463B (en) | 2003-04-11 | 2005-05-25 | Nextenders | Data processing apparatus and method for distributing and authenticating electronic documents |
US8707034B1 (en) | 2003-05-30 | 2014-04-22 | Intellectual Ventures I Llc | Method and system for using remote headers to secure electronic files |
US7475254B2 (en) * | 2003-06-19 | 2009-01-06 | International Business Machines Corporation | Method for authenticating software using protected master key |
US7949877B2 (en) * | 2003-06-30 | 2011-05-24 | Realnetworks, Inc. | Rights enforcement and usage reporting on a client device |
US7730543B1 (en) | 2003-06-30 | 2010-06-01 | Satyajit Nath | Method and system for enabling users of a group shared across multiple file security systems to access secured files |
US20040264927A1 (en) * | 2003-06-30 | 2004-12-30 | Microsoft Corporation | Modular architecture to unify the playback of DVD technologies |
US7949132B2 (en) * | 2003-07-01 | 2011-05-24 | Microsoft Corporation | Modular architecture to unify the playback of DVD technologies |
US8098818B2 (en) | 2003-07-07 | 2012-01-17 | Qualcomm Incorporated | Secure registration for a multicast-broadcast-multimedia system (MBMS) |
US8718279B2 (en) | 2003-07-08 | 2014-05-06 | Qualcomm Incorporated | Apparatus and method for a secure broadcast system |
US7865722B2 (en) * | 2003-07-22 | 2011-01-04 | Agency For Science, Technology And Research | Method of identifying an object and a tag carrying identification information |
US20050050342A1 (en) * | 2003-08-13 | 2005-03-03 | International Business Machines Corporation | Secure storage utility |
JP4809766B2 (en) * | 2003-08-15 | 2011-11-09 | 株式会社エヌ・ティ・ティ・ドコモ | Data stream authentication method and apparatus adaptively controlling loss |
US8724803B2 (en) * | 2003-09-02 | 2014-05-13 | Qualcomm Incorporated | Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system |
JP4460251B2 (en) * | 2003-09-19 | 2010-05-12 | 株式会社エヌ・ティ・ティ・ドコモ | Structured document signature apparatus, structured document adaptation apparatus, and structured document verification apparatus. |
US7703140B2 (en) | 2003-09-30 | 2010-04-20 | Guardian Data Storage, Llc | Method and system for securing digital assets using process-driven security policies |
US8127366B2 (en) | 2003-09-30 | 2012-02-28 | Guardian Data Storage, Llc | Method and apparatus for transitioning between states of security policies used to secure electronic documents |
US7315866B2 (en) * | 2003-10-02 | 2008-01-01 | Agency For Science, Technology And Research | Method for incremental authentication of documents |
JP4354268B2 (en) * | 2003-12-22 | 2009-10-28 | 株式会社河合楽器製作所 | Signal processing device |
US7415653B1 (en) | 2004-04-21 | 2008-08-19 | Sun Microsystems, Inc. | Method and apparatus for vectored block-level checksum for file system data integrity |
US7424574B1 (en) | 2004-04-21 | 2008-09-09 | Sun Microsystems, Inc. | Method and apparatus for dynamic striping |
US7603568B1 (en) | 2004-04-21 | 2009-10-13 | Sun Microsystems, Inc. | Method and apparatus for self-validating checksums in a file system |
US7412450B1 (en) * | 2004-05-26 | 2008-08-12 | Sun Microsystems, Inc. | Method and apparatus for identifying tampering of data in a file system |
US7526622B1 (en) | 2004-05-26 | 2009-04-28 | Sun Microsystems, Inc. | Method and system for detecting and correcting data errors using checksums and replication |
US7496586B1 (en) | 2004-05-26 | 2009-02-24 | Sun Microsystems, Inc. | Method and apparatus for compressing data in a file system |
US7281188B1 (en) | 2004-05-26 | 2007-10-09 | Sun Microsystems, Inc. | Method and system for detecting and correcting data errors using data permutations |
FR2871012B1 (en) * | 2004-05-28 | 2006-08-11 | Sagem | METHOD FOR LOADING FILES FROM A CLIENT TO A TARGET SERVER AND DEVICE FOR IMPLEMENTING THE METHOD |
US7707427B1 (en) | 2004-07-19 | 2010-04-27 | Michael Frederick Kenrich | Multi-level file digests |
US7937593B2 (en) * | 2004-08-06 | 2011-05-03 | Broadcom Corporation | Storage device content authentication |
US7437528B1 (en) | 2004-08-17 | 2008-10-14 | Sun Microsystems, Inc. | Gang blocks |
US7533225B1 (en) | 2004-08-17 | 2009-05-12 | Sun Microsystems, Inc. | Method and apparatus for enabling adaptive endianness |
ES2303265T3 (en) * | 2004-08-23 | 2008-08-01 | NOKIA SIEMENS NETWORKS GMBH & CO. KG | PROCEDURE AND SYSTEM FOR TARIFFING IN A PEER-TO-PEER NETWORK (POINT TO POINT BETWEEN EQUAL). |
JP4576936B2 (en) | 2004-09-02 | 2010-11-10 | ソニー株式会社 | Information processing apparatus, information recording medium, content management system, data processing method, and computer program |
US7933208B2 (en) * | 2004-09-27 | 2011-04-26 | Polytechnic Institute Of New York University | Facilitating storage and querying of payload attribution information |
US8954751B2 (en) | 2004-10-08 | 2015-02-10 | International Business Machines Corporation | Secure memory control parameters in table look aside buffer data fields and support memory array |
US7657756B2 (en) * | 2004-10-08 | 2010-02-02 | International Business Machines Corporaiton | Secure memory caching structures for data, integrity and version values |
US8347078B2 (en) | 2004-10-18 | 2013-01-01 | Microsoft Corporation | Device certificate individualization |
US8336085B2 (en) | 2004-11-15 | 2012-12-18 | Microsoft Corporation | Tuning product policy using observed evidence of customer behavior |
US7613701B2 (en) * | 2004-12-22 | 2009-11-03 | International Business Machines Corporation | Matching of complex nested objects by multilevel hashing |
US8356021B2 (en) * | 2005-03-11 | 2013-01-15 | Ross Neil Williams | Method and apparatus for indexing in a reduced-redundancy storage system |
US7814129B2 (en) * | 2005-03-11 | 2010-10-12 | Ross Neil Williams | Method and apparatus for storing data with reduced redundancy using data clusters |
US8051252B2 (en) | 2005-03-11 | 2011-11-01 | Ross Neil Williams | Method and apparatus for detecting the presence of subblocks in a reduced-redundancy storage system |
US8099324B2 (en) * | 2005-03-29 | 2012-01-17 | Microsoft Corporation | Securely providing advertising subsidized computer usage |
EP1802019B1 (en) * | 2005-04-06 | 2008-05-28 | Siemens Aktiengesellschaft | Identification of errors in data transmission |
US8627071B1 (en) | 2005-04-29 | 2014-01-07 | Netapp, Inc. | Insuring integrity of remote procedure calls used in a client and server storage system |
JP4827468B2 (en) * | 2005-07-25 | 2011-11-30 | キヤノン株式会社 | Information processing apparatus, information processing apparatus control method, computer program, and computer-readable storage medium |
US8019988B2 (en) * | 2005-08-22 | 2011-09-13 | The State Of Oregon Acting By And Through The State Board Of Higher Education On Behalf Of The University Of Oregon | Security protocols for hybrid peer-to-peer file sharing networks |
US7831998B2 (en) * | 2005-09-16 | 2010-11-09 | Ntt Docomo, Inc. | Changing states of communication links in computer networks in an authenticated manner |
US7689877B2 (en) * | 2005-11-04 | 2010-03-30 | Sun Microsystems, Inc. | Method and system using checksums to repair data |
US20070106868A1 (en) * | 2005-11-04 | 2007-05-10 | Sun Microsystems, Inc. | Method and system for latency-directed block allocation |
US8635190B2 (en) * | 2005-11-04 | 2014-01-21 | Oracle America, Inc. | Method and system for pruned resilvering using a dirty time log |
US7865673B2 (en) * | 2005-11-04 | 2011-01-04 | Oracle America, Inc. | Multiple replication levels with pooled devices |
US7596739B2 (en) * | 2005-11-04 | 2009-09-29 | Sun Microsystems, Inc. | Method and system for data replication |
US7716445B2 (en) * | 2005-11-04 | 2010-05-11 | Oracle America, Inc. | Method and system for storing a sparse file using fill counts |
US7930495B2 (en) * | 2005-11-04 | 2011-04-19 | Oracle America, Inc. | Method and system for dirty time log directed resilvering |
US7480684B2 (en) * | 2005-11-04 | 2009-01-20 | Sun Microsystems, Inc. | Method and system for object allocation using fill counts |
US7899989B2 (en) * | 2005-11-04 | 2011-03-01 | Oracle America, Inc. | Method and system for using a block allocation policy |
US7657671B2 (en) * | 2005-11-04 | 2010-02-02 | Sun Microsystems, Inc. | Adaptive resilvering I/O scheduling |
US7925827B2 (en) * | 2005-11-04 | 2011-04-12 | Oracle America, Inc. | Method and system for dirty time logging |
US8549051B2 (en) * | 2005-11-04 | 2013-10-01 | Oracle America, Inc. | Unlimited file system snapshots and clones |
US7873799B2 (en) * | 2005-11-04 | 2011-01-18 | Oracle America, Inc. | Method and system supporting per-file and per-block replication |
US7743225B2 (en) * | 2005-11-04 | 2010-06-22 | Oracle America, Inc. | Ditto blocks |
US8938594B2 (en) * | 2005-11-04 | 2015-01-20 | Oracle America, Inc. | Method and system for metadata-based resilvering |
US8495010B2 (en) * | 2005-11-04 | 2013-07-23 | Oracle America, Inc. | Method and system for adaptive metadata replication |
US20070112895A1 (en) * | 2005-11-04 | 2007-05-17 | Sun Microsystems, Inc. | Block-based incremental backup |
US7716519B2 (en) * | 2005-11-04 | 2010-05-11 | Oracle America, Inc. | Method and system for repairing partially damaged blocks |
US7877554B2 (en) * | 2005-11-04 | 2011-01-25 | Oracle America, Inc. | Method and system for block reallocation |
US20070150396A1 (en) * | 2005-12-27 | 2007-06-28 | Gridstock Inc. | Stock value chains |
GB2432934B (en) * | 2006-03-14 | 2007-12-19 | Streamshield Networks Ltd | A method and apparatus for providing network security |
US8364965B2 (en) | 2006-03-15 | 2013-01-29 | Apple Inc. | Optimized integrity verification procedures |
US7836394B2 (en) * | 2006-04-18 | 2010-11-16 | Savanet Llc | Interactive, customizable display and analysis of electronically tagged financial information |
US7707481B2 (en) | 2006-05-16 | 2010-04-27 | Pitney Bowes Inc. | System and method for efficient uncorrectable error detection in flash memory |
US20070283158A1 (en) * | 2006-06-02 | 2007-12-06 | Microsoft Corporation Microsoft Patent Group | System and method for generating a forensic file |
US8190915B2 (en) * | 2006-06-14 | 2012-05-29 | Oracle International Corporation | Method and apparatus for detecting data tampering within a database |
US8166308B2 (en) * | 2006-07-18 | 2012-04-24 | Certicom Corp. | System and method for authenticating a gaming device |
FR2904901B1 (en) * | 2006-08-09 | 2008-10-03 | Sagem Defense Securite | METHOD FOR VERIFYING THE INTEGRITY OF AN ENCRYPTION KEY OBTAINED BY COMBINING KEY PARTS |
US7962499B2 (en) * | 2006-08-18 | 2011-06-14 | Falconstor, Inc. | System and method for identifying and mitigating redundancies in stored data |
US9013266B2 (en) | 2006-09-08 | 2015-04-21 | Certicom Corp. | Authenticated radio frequency identification and key distribution system therefor |
US20080104403A1 (en) * | 2006-09-29 | 2008-05-01 | Shay Gueron | Methods and apparatus for data authentication with multiple keys |
US7783847B2 (en) * | 2006-10-31 | 2010-08-24 | Oracle America Inc. | Method and system for reallocating blocks in a storage pool |
US7584229B2 (en) * | 2006-10-31 | 2009-09-01 | Sun Microsystems, Inc. | Method and system for priority-based allocation in a storage pool |
US7840657B2 (en) * | 2006-10-31 | 2010-11-23 | Oracle America, Inc. | Method and apparatus for power-managing storage devices in a storage pool |
US9152706B1 (en) | 2006-12-30 | 2015-10-06 | Emc Corporation | Anonymous identification tokens |
US9497205B1 (en) * | 2008-05-19 | 2016-11-15 | Emc Corporation | Global commonality and network logging |
US20080159146A1 (en) * | 2006-12-30 | 2008-07-03 | Emc Corporation | Network monitoring |
US8577680B2 (en) * | 2006-12-30 | 2013-11-05 | Emc Corporation | Monitoring and logging voice traffic on data network |
US7882358B2 (en) * | 2007-01-15 | 2011-02-01 | Microsoft Corporation | Reversible hashing for E-signature verification |
JP2008177683A (en) * | 2007-01-16 | 2008-07-31 | Kyocera Mita Corp | Data providing system, data receiving system, data providing method, data providing program and data receiving program |
JP4359622B2 (en) * | 2007-01-22 | 2009-11-04 | 富士通株式会社 | Electronic signature program and electronic signature device |
KR20090000228A (en) * | 2007-02-05 | 2009-01-07 | 삼성전자주식회사 | Method of providing and using contents enabled to verify integrity and apparatus thereof |
US8131998B2 (en) * | 2007-03-05 | 2012-03-06 | George Mason Intellectual Properties, Inc. | Transparent authentication of continuous data streams |
US20090055357A1 (en) * | 2007-06-09 | 2009-02-26 | Honeywell International Inc. | Data integrity checking for set-oriented data stores |
US8046509B2 (en) | 2007-07-06 | 2011-10-25 | Prostor Systems, Inc. | Commonality factoring for removable media |
CA2593897C (en) * | 2007-07-16 | 2016-06-14 | Tet Hin Yeap | Method, system and apparatus for accessing a resource based on data supplied by a local user |
US7818537B2 (en) * | 2007-07-19 | 2010-10-19 | International Business Machines Corporation | Method and system for dynamically determining hash function values for file transfer integrity validation |
US8655919B2 (en) * | 2007-07-30 | 2014-02-18 | International Business Machines Corporation | Storage system and method for updating a hash tree |
CN101364869B (en) * | 2007-08-09 | 2012-03-28 | 鸿富锦精密工业(深圳)有限公司 | Electronic document digital checking system and method |
US9521186B2 (en) * | 2007-09-13 | 2016-12-13 | International Business Machines Corporation | Method and system for file transfer over a messaging infrastructure |
US7792882B2 (en) * | 2007-09-27 | 2010-09-07 | Oracle America, Inc. | Method and system for block allocation for hybrid drives |
US8375219B2 (en) * | 2007-10-24 | 2013-02-12 | Microsoft Corporation | Program and operation verification |
IL187040A0 (en) | 2007-10-30 | 2008-02-09 | Sandisk Il Ltd | Caching for structural integrity schemes |
IL187037A0 (en) * | 2007-10-30 | 2008-02-09 | Sandisk Il Ltd | Fast update for hierarchical integrity schemes |
JP4584300B2 (en) * | 2007-12-19 | 2010-11-17 | 富士通株式会社 | Electronic signature program, computer-readable recording medium, electronic signature device, and electronic signature method |
EP2232763A4 (en) * | 2007-12-21 | 2012-08-08 | Cocoon Data Holdings Ltd | System and method for securing data |
US20090162032A1 (en) * | 2007-12-21 | 2009-06-25 | Aceurity, Inc. | Smart Viewing Rights System and Switch |
US8738926B2 (en) * | 2008-01-10 | 2014-05-27 | Intel Mobile Communications GmbH | Data processing system, method for executing a cryptographic algorithm and method for preparing execution of a cryptographic algorithm |
JP2009182864A (en) * | 2008-01-31 | 2009-08-13 | Hitachi Kokusai Electric Inc | Signature device, verification device, program, signature method, verification method, and system |
DE602008003667D1 (en) * | 2008-03-03 | 2011-01-05 | Fujitsu Ltd | Method and apparatus for digital signature authentication, and computer product |
US20090238365A1 (en) * | 2008-03-20 | 2009-09-24 | Kinamik Data Integrity, S.L. | Method and system to provide fine granular integrity to digital data |
US8095728B2 (en) * | 2008-04-18 | 2012-01-10 | Oracle America, Inc. | Method and system for power aware I/O scheduling |
US8176018B1 (en) * | 2008-04-30 | 2012-05-08 | Netapp, Inc. | Incremental file system differencing |
US8037279B2 (en) * | 2008-06-12 | 2011-10-11 | Oracle America, Inc. | Method and system for cross-domain data sharing |
US8135907B2 (en) * | 2008-06-30 | 2012-03-13 | Oracle America, Inc. | Method and system for managing wear-level aware file systems |
US8103718B2 (en) | 2008-07-31 | 2012-01-24 | Microsoft Corporation | Content discovery and transfer between mobile communications nodes |
US8649276B2 (en) * | 2008-07-31 | 2014-02-11 | Microsoft Corporation | Content transfer |
US8074049B2 (en) * | 2008-08-26 | 2011-12-06 | Nine Technology, Llc | Online backup system with global two staged deduplication without using an indexing database |
US8099602B2 (en) * | 2008-09-26 | 2012-01-17 | Mykonos Software, Inc. | Methods for integrating security in network communications and systems thereof |
US20100088745A1 (en) * | 2008-10-06 | 2010-04-08 | Fujitsu Limited | Method for checking the integrity of large data items rapidly |
US8788841B2 (en) * | 2008-10-23 | 2014-07-22 | Samsung Electronics Co., Ltd. | Representation and verification of data for safe computing environments and systems |
EP2402882A4 (en) * | 2009-02-27 | 2014-09-17 | Fujitsu Ltd | Electronic signature program, electronic signature device, and electronic signature method |
US8438630B1 (en) * | 2009-03-30 | 2013-05-07 | Symantec Corporation | Data loss prevention system employing encryption detection |
US8929303B2 (en) * | 2009-04-06 | 2015-01-06 | Samsung Electronics Co., Ltd. | Control and data channels for advanced relay operation |
US8682862B2 (en) * | 2009-04-10 | 2014-03-25 | Phd Virtual Technologies Inc. | Virtual machine file-level restoration |
US8769689B2 (en) | 2009-04-24 | 2014-07-01 | Hb Gary, Inc. | Digital DNA sequence |
US8914903B1 (en) | 2009-06-03 | 2014-12-16 | Amdocs Software System Limited | System, method, and computer program for validating receipt of digital content by a client device |
US8244909B1 (en) * | 2009-06-18 | 2012-08-14 | Google Inc. | Method, apparatus and networking equipment for performing flow hashing using quasi cryptographic hash functions |
US8578175B2 (en) | 2011-02-23 | 2013-11-05 | International Business Machines Corporation | Secure object having protected region, integrity tree, and unprotected region |
US8819446B2 (en) | 2009-06-26 | 2014-08-26 | International Business Machines Corporation | Support for secure objects in a computer system |
US8954752B2 (en) * | 2011-02-23 | 2015-02-10 | International Business Machines Corporation | Building and distributing secure object software |
US9846789B2 (en) | 2011-09-06 | 2017-12-19 | International Business Machines Corporation | Protecting application programs from malicious software or malware |
US9298894B2 (en) | 2009-06-26 | 2016-03-29 | International Business Machines Corporation | Cache structure for a computer system providing support for secure objects |
US8484152B2 (en) * | 2009-06-26 | 2013-07-09 | Hbgary, Inc. | Fuzzy hash algorithm |
US9954875B2 (en) | 2009-06-26 | 2018-04-24 | International Business Machines Corporation | Protecting from unintentional malware download |
US8280858B2 (en) * | 2009-06-29 | 2012-10-02 | Oracle America, Inc. | Storage pool scrubbing with concurrent snapshots |
JP5458711B2 (en) * | 2009-07-15 | 2014-04-02 | 富士ゼロックス株式会社 | Information processing program and information processing apparatus |
KR101072277B1 (en) * | 2009-08-31 | 2011-10-11 | 주식회사 아나스타시스 | Apparatus and method for guaranteeing data integrity in real time, and black box system using thereof |
US8505103B2 (en) * | 2009-09-09 | 2013-08-06 | Fujitsu Limited | Hardware trust anchor |
US8769614B1 (en) * | 2009-12-29 | 2014-07-01 | Akamai Technologies, Inc. | Security framework for HTTP streaming architecture |
US9104517B2 (en) | 2010-01-27 | 2015-08-11 | Code Systems Corporation | System for downloading and executing a virtual application |
US9229748B2 (en) | 2010-01-29 | 2016-01-05 | Code Systems Corporation | Method and system for improving startup performance and interoperability of a virtual application |
US8763009B2 (en) | 2010-04-17 | 2014-06-24 | Code Systems Corporation | Method of hosting a first application in a second application |
US9218359B2 (en) | 2010-07-02 | 2015-12-22 | Code Systems Corporation | Method and system for profiling virtual application resource utilization patterns by executing virtualized application |
US20120084559A1 (en) * | 2010-09-30 | 2012-04-05 | Hunt Technologies, Llc | Communications Source Authentication |
FR2971599B1 (en) | 2011-02-11 | 2013-03-15 | Jean Luc Leleu | SECURE TRANSACTION METHOD FROM UNSECURED TERMINAL |
US9553728B2 (en) * | 2011-02-25 | 2017-01-24 | Nokia Technologies Oy | Method and apparatus for providing end-to-end security for distributed computations |
US9292530B2 (en) | 2011-06-14 | 2016-03-22 | Netapp, Inc. | Object-level identification of duplicate data in a storage system |
US9043292B2 (en) | 2011-06-14 | 2015-05-26 | Netapp, Inc. | Hierarchical identification and mapping of duplicate data in a storage system |
US20130031632A1 (en) * | 2011-07-28 | 2013-01-31 | Dell Products, Lp | System and Method for Detecting Malicious Content |
WO2013080243A2 (en) * | 2011-11-28 | 2013-06-06 | Hitachi, Ltd. | Storage system controller, storage system, and access control method |
US20140331091A1 (en) * | 2011-12-08 | 2014-11-06 | International Business Machines Corporation | Detecting Loss of Data During Data Transfer Between Information Devices |
US11232093B2 (en) | 2012-03-02 | 2022-01-25 | Pure Storage, Inc. | Slice migration in a dispersed storage network |
US10402393B2 (en) * | 2012-03-02 | 2019-09-03 | Pure Storage, Inc. | Slice migration in a dispersed storage network |
EP3142329B1 (en) * | 2012-04-25 | 2018-12-12 | Huawei Technologies Co., Ltd. | Systems and methods for segment integrity and authenticity for adaptive streaming |
EP2883170A4 (en) * | 2012-08-08 | 2015-07-29 | Amazon Tech Inc | Archival data storage system |
US9798294B2 (en) * | 2012-09-18 | 2017-10-24 | Nxp B.V. | System, method and computer program product for detecting tampering in a product |
US9536016B2 (en) * | 2013-01-16 | 2017-01-03 | Google Inc. | On-disk multimap |
US9680650B2 (en) * | 2013-08-23 | 2017-06-13 | Qualcomm Incorporated | Secure content delivery using hashing of pre-coded packets |
WO2015024603A1 (en) * | 2013-08-23 | 2015-02-26 | Nec Europe Ltd. | Method and system for authenticating a data stream |
US9087192B2 (en) * | 2013-09-10 | 2015-07-21 | Infineon Technologies Ag | Electronic circuit and method for monitoring a data processing |
EP3053074A4 (en) * | 2013-09-30 | 2017-04-05 | Hewlett-Packard Enterprise Development LP | Hierarchical threat intelligence |
US9223965B2 (en) | 2013-12-10 | 2015-12-29 | International Business Machines Corporation | Secure generation and management of a virtual card on a mobile device |
US9235692B2 (en) | 2013-12-13 | 2016-01-12 | International Business Machines Corporation | Secure application debugging |
US10270590B2 (en) * | 2013-12-16 | 2019-04-23 | Mcafee, Llc | Process efficient preprocessing for any encryption standard |
KR101572935B1 (en) * | 2014-10-02 | 2015-12-11 | 현대자동차주식회사 | Method of authenticating can packet using mac divison and appratus for implementing the same |
US9960909B2 (en) | 2014-12-08 | 2018-05-01 | Open-Silicon Inc. | High speed and low power hashing system and method |
US11968292B1 (en) * | 2014-12-18 | 2024-04-23 | Amazon Technologies, Inc. | Incremental authenticated data encodings |
JP2016122917A (en) * | 2014-12-24 | 2016-07-07 | パナソニックIpマネジメント株式会社 | Signature generation device, signature verification device, signature generation method and signature verification method |
US10333696B2 (en) | 2015-01-12 | 2019-06-25 | X-Prime, Inc. | Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency |
GB2541950B (en) * | 2015-09-07 | 2020-01-08 | Arm Ip Ltd | Methods for verifying data integrity |
DE102016207642A1 (en) * | 2016-05-03 | 2017-11-09 | Siemens Aktiengesellschaft | Method and apparatus for authenticating a data stream |
EP3436949A4 (en) | 2016-07-29 | 2020-03-25 | Hewlett-Packard Development Company, L.P. | Data recovery with authenticity |
US10284568B2 (en) * | 2016-08-23 | 2019-05-07 | Guardtime Ip Holdings Limited | System and method for secure transmission of streamed data frames |
IL248237A0 (en) | 2016-10-06 | 2017-01-31 | Kipnis Aviad | Signature method and system |
US10157295B2 (en) * | 2016-10-07 | 2018-12-18 | Acronis International Gmbh | System and method for file authenticity certification using blockchain network |
IL250359A0 (en) | 2017-01-30 | 2017-03-30 | Kipnis Aviad | Signature method and system |
US11356268B2 (en) * | 2017-06-02 | 2022-06-07 | Hewlett-Packard Development Company, L.P. | Digital composition hashing |
WO2019020194A1 (en) * | 2017-07-28 | 2019-01-31 | Telefonaktiebolaget Lm Ericsson (Publ) | Data stream integrity |
US11374760B2 (en) * | 2017-09-13 | 2022-06-28 | Microsoft Technology Licensing, Llc | Cyber physical key |
CN108399329B (en) * | 2018-01-23 | 2022-01-21 | 晶晨半导体(上海)股份有限公司 | Method for improving security of trusted application program |
US20190294820A1 (en) * | 2018-03-20 | 2019-09-26 | Entit Software Llc | Converting plaintext values to pseudonyms using a hash function |
WO2019222761A1 (en) * | 2018-05-18 | 2019-11-21 | Deep Labs Inc. | Systems and methods for generating hash trees and using neural networks to process the same |
US10922439B2 (en) * | 2018-06-29 | 2021-02-16 | Intel Corporation | Technologies for verifying memory integrity across multiple memory regions |
AT522276B1 (en) * | 2019-04-03 | 2021-01-15 | Tributech Solutions Gmbh | Device and method for checking the integrity of sensor data streams |
US11405214B2 (en) * | 2019-04-04 | 2022-08-02 | Y R Free Labs Limited | Secure transmission |
US11316664B2 (en) | 2019-04-05 | 2022-04-26 | Bank Of America Corporation | System for characterization and tracking of electronic data in a networked environment using cohesive information units |
GB2583738B (en) * | 2019-05-07 | 2021-05-05 | Arm Ip Ltd | Content distribution integrity control |
TWI772648B (en) | 2019-06-03 | 2022-08-01 | 銓鴻資訊有限公司 | Method of verifying partial data based on collective certificate |
CN110457953B (en) * | 2019-07-26 | 2021-08-10 | 中国银行股份有限公司 | Method and device for detecting integrity of file |
RU2730365C1 (en) * | 2019-12-19 | 2020-08-21 | федеральное государственное казенное военное образовательное учреждение высшего образования "Краснодарское высшее военное орденов Жукова и Октябрьской Революции Краснознаменное училище имени генерала армии С.М. Штеменко" | Data integrity control method based on pascal cryptographic triangle |
US11436342B2 (en) | 2019-12-26 | 2022-09-06 | Intel Corporation | TDX islands with self-contained scope enabling TDX KeyID scaling |
JP7323807B2 (en) | 2020-01-20 | 2023-08-09 | 富士通株式会社 | VERIFICATION METHOD, PROGRAM, AND INFORMATION PROCESSING DEVICE |
US11372832B1 (en) * | 2020-06-05 | 2022-06-28 | Amazon Technologies, Inc. | Efficient hashing of data objects |
CA3126027A1 (en) * | 2020-07-24 | 2022-01-24 | Magnet Forensics Inc. | System and method for generating a minimal forensic image of a dataset of interest |
CN112751923A (en) * | 2020-12-30 | 2021-05-04 | 武汉大学 | Data sharing system and method supporting public integrity check |
US20230006833A1 (en) * | 2021-07-01 | 2023-01-05 | Lenovo (Singapore) Pte. Ltd. | Ranked hash validation for new software update file |
US20230224166A1 (en) * | 2021-12-03 | 2023-07-13 | Snektech, Inc. | Systems and Methods for Associating Digital Media Files with External Commodities |
GB2622761A (en) * | 2022-05-18 | 2024-04-03 | Zappaty Ltd | Methods of Transmitting and Receiving Files |
Citations (47)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4218582A (en) | 1977-10-06 | 1980-08-19 | The Board Of Trustees Of The Leland Stanford Junior University | Public key cryptographic apparatus and method |
US4309569A (en) | 1979-09-05 | 1982-01-05 | The Board Of Trustees Of The Leland Stanford Junior University | Method of providing digital signatures |
US4827508A (en) | 1986-10-14 | 1989-05-02 | Personal Library Software, Inc. | Database usage metering and protection system and method |
US4977594A (en) | 1986-10-14 | 1990-12-11 | Electronic Publishing Resources, Inc. | Database usage metering and protection system and method |
US5050213A (en) | 1986-10-14 | 1991-09-17 | Electronic Publishing Resources, Inc. | Database usage metering and protection system and method |
US5373561A (en) | 1992-12-21 | 1994-12-13 | Bell Communications Research, Inc. | Method of extending the validity of a cryptographic certificate |
EP0715247A1 (en) | 1994-11-23 | 1996-06-05 | Xerox Corporation | System for controlling the distribution and use of digital works using digital tickets |
US5530235A (en) | 1995-02-16 | 1996-06-25 | Xerox Corporation | Interactive contents revealing storage device |
US5534975A (en) | 1995-05-26 | 1996-07-09 | Xerox Corporation | Document processing system utilizing document service cards to provide document processing services |
WO1996027155A2 (en) | 1995-02-13 | 1996-09-06 | Electronic Publishing Resources, Inc. | Systems and methods for secure transaction management and electronic rights protection |
US5629980A (en) | 1994-11-23 | 1997-05-13 | Xerox Corporation | System for controlling the distribution and use of digital works |
US5634012A (en) | 1994-11-23 | 1997-05-27 | Xerox Corporation | System for controlling the distribution and use of digital works having a fee reporting mechanism |
US5638443A (en) | 1994-11-23 | 1997-06-10 | Xerox Corporation | System for controlling the distribution and use of composite digital works |
WO1997043761A2 (en) | 1996-05-15 | 1997-11-20 | Intertrust Technologies Corp. | Cryptographic methods, apparatus and systems for storage media electronic rights management in closed and connected appliances |
US5715403A (en) | 1994-11-23 | 1998-02-03 | Xerox Corporation | System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar |
WO1998009209A1 (en) | 1996-08-30 | 1998-03-05 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
WO1998010381A1 (en) | 1996-09-04 | 1998-03-12 | Intertrust Technologies Corp. | Trusted infrastructure support systems, methods and techniques for secure electronic commerce, electronic transactions, commerce process control and automation, distributed computing, and rights management |
WO1998037481A1 (en) | 1997-02-25 | 1998-08-27 | Intertrust Technologies Corp. | Techniques for defining, using and manipulating rights management data structures |
US5835595A (en) * | 1996-09-04 | 1998-11-10 | At&T Corp | Method and apparatus for crytographically protecting data |
WO1999001815A1 (en) | 1997-06-09 | 1999-01-14 | Intertrust, Incorporated | Obfuscation techniques for enhancing software security |
WO1999024928A2 (en) | 1997-11-06 | 1999-05-20 | Intertrust Technologies Corp. | Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
US5940504A (en) | 1991-07-01 | 1999-08-17 | Infologic Software, Inc. | Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site |
US5943422A (en) | 1996-08-12 | 1999-08-24 | Intertrust Technologies Corp. | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
WO1999048296A1 (en) | 1998-03-16 | 1999-09-23 | Intertrust Technologies Corporation | Methods and apparatus for continuous control and protection of media content |
US5999949A (en) | 1997-03-14 | 1999-12-07 | Crandall; Gary E. | Text file compression system utilizing word terminators |
US6009176A (en) * | 1997-02-13 | 1999-12-28 | International Business Machines Corporation | How to sign digital streams |
US6157721A (en) | 1996-08-12 | 2000-12-05 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
WO2000075925A1 (en) | 1999-06-08 | 2000-12-14 | Intertrust Technologies Corp. | Method and systems for protecting data using digital signature and watermark |
WO2001006374A2 (en) | 1999-07-16 | 2001-01-25 | Intertrust Technologies Corp. | System and method for securing an untrusted storage |
WO2001010076A2 (en) | 1999-07-29 | 2001-02-08 | Intertrust Technologies Corp. | Systems and methods for protecting secure and insecure computing environments using cryptography |
WO2001009702A2 (en) | 1999-07-30 | 2001-02-08 | Intertrust Technologies Corp. | Methods and systems for transaction record delivery using thresholds and multi-stage protocol |
US20020048369A1 (en) | 1995-02-13 | 2002-04-25 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US20020087859A1 (en) | 2000-05-19 | 2002-07-04 | Weeks Stephen P. | Trust management systems and methods |
US20020152173A1 (en) | 2001-04-05 | 2002-10-17 | Rudd James M. | System and methods for managing the distribution of electronic content |
US20030023856A1 (en) | 2001-06-13 | 2003-01-30 | Intertrust Technologies Corporation | Software self-checking systems and methods |
US20030046244A1 (en) | 1997-11-06 | 2003-03-06 | Intertrust Technologies Corp. | Methods for matching, selecting, and/or classifying based on rights management and/or other information |
US20030084003A1 (en) | 2001-04-20 | 2003-05-01 | Intertrust Technologies Corporation | Systems and methods for conducting transactions and communications using a trusted third party |
US6658568B1 (en) | 1995-02-13 | 2003-12-02 | Intertrust Technologies Corporation | Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management |
US20040054630A1 (en) | 1995-02-13 | 2004-03-18 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US20040059951A1 (en) | 2002-04-25 | 2004-03-25 | Intertrust Technologies Corporation | Secure authentication systems and methods |
US20040073813A1 (en) | 2002-04-25 | 2004-04-15 | Intertrust Technologies Corporation | Establishing a secure channel with a human user |
US20040107356A1 (en) | 1999-03-16 | 2004-06-03 | Intertrust Technologies Corp. | Methods and apparatus for persistent control and protection of content |
US20040133793A1 (en) | 1995-02-13 | 2004-07-08 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6832316B1 (en) | 1999-12-22 | 2004-12-14 | Intertrust Technologies, Corp. | Systems and methods for protecting data secrecy and integrity |
US20050027871A1 (en) | 2003-06-05 | 2005-02-03 | William Bradley | Interoperable systems and methods for peer-to-peer service orchestration |
US20050060584A1 (en) | 1995-02-13 | 2005-03-17 | Intertrust Technologies Corp. | Trusted infrastructure support systems, methods and techniques for secure electronic commerce, electronic transactions, commerce process control and automation, distributed computing, and rights management |
US6959384B1 (en) | 1999-12-14 | 2005-10-25 | Intertrust Technologies Corporation | Systems and methods for authenticating and protecting the integrity of data streams and other data |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB8704883D0 (en) | 1987-03-03 | 1987-04-08 | Hewlett Packard Co | Secure information storage |
US5235472A (en) * | 1991-10-18 | 1993-08-10 | Seagate Technology, Inc. | Apparatus for sensing operating shock on a disk drive |
AU691366B2 (en) * | 1994-10-28 | 1998-05-14 | Surety.Com, Inc. | Digital document authentication system for providing a certificate which authenticates and uniquely identifies a document |
JP2833545B2 (en) * | 1995-03-06 | 1998-12-09 | 日本電気株式会社 | Method for manufacturing semiconductor device |
US7047241B1 (en) * | 1995-10-13 | 2006-05-16 | Digimarc Corporation | System and methods for managing digital creative works |
EP0956673A4 (en) * | 1996-12-20 | 2005-04-06 | Financial Services Technology | Method and system for processing electronic documents |
US6092147A (en) * | 1997-04-15 | 2000-07-18 | Sun Microsystems, Inc. | Virtual machine with securely distributed bytecode verification |
US6580906B2 (en) * | 1997-12-10 | 2003-06-17 | Intel Corporation | Authentication and security in wireless communication system |
US7233948B1 (en) | 1998-03-16 | 2007-06-19 | Intertrust Technologies Corp. | Methods and apparatus for persistent control and protection of content |
US6802006B1 (en) * | 1999-01-15 | 2004-10-05 | Macrovision Corporation | System and method of verifying the authenticity of dynamically connectable executable images |
DE10164950B4 (en) * | 2001-09-07 | 2010-01-28 | Qimonda Ag | Method for producing a semiconductor integrated circuit |
US7034051B2 (en) * | 2003-08-28 | 2006-04-25 | Adolor Corporation | Fused bicyclic carboxamide derivatives and methods of their use |
-
2000
- 2000-04-05 US US09/543,750 patent/US6959384B1/en not_active Expired - Lifetime
-
2005
- 2005-04-22 US US11/112,520 patent/US7340602B2/en not_active Expired - Lifetime
-
2008
- 2008-02-27 US US12/038,664 patent/US7882351B2/en not_active Expired - Fee Related
-
2011
- 2011-01-31 US US13/018,274 patent/US8762711B2/en not_active Expired - Fee Related
-
2014
- 2014-06-13 US US14/304,422 patent/US9401896B2/en not_active Expired - Fee Related
-
2016
- 2016-06-21 US US15/188,737 patent/US10025953B2/en not_active Expired - Fee Related
-
2018
- 2018-06-15 US US16/010,004 patent/US20190042794A1/en not_active Abandoned
Patent Citations (87)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4218582A (en) | 1977-10-06 | 1980-08-19 | The Board Of Trustees Of The Leland Stanford Junior University | Public key cryptographic apparatus and method |
US4309569A (en) | 1979-09-05 | 1982-01-05 | The Board Of Trustees Of The Leland Stanford Junior University | Method of providing digital signatures |
US5410598A (en) | 1986-10-14 | 1995-04-25 | Electronic Publishing Resources, Inc. | Database usage metering and protection system and method |
US4977594A (en) | 1986-10-14 | 1990-12-11 | Electronic Publishing Resources, Inc. | Database usage metering and protection system and method |
US5050213A (en) | 1986-10-14 | 1991-09-17 | Electronic Publishing Resources, Inc. | Database usage metering and protection system and method |
US4827508A (en) | 1986-10-14 | 1989-05-02 | Personal Library Software, Inc. | Database usage metering and protection system and method |
US5940504A (en) | 1991-07-01 | 1999-08-17 | Infologic Software, Inc. | Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site |
US5373561A (en) | 1992-12-21 | 1994-12-13 | Bell Communications Research, Inc. | Method of extending the validity of a cryptographic certificate |
US5638443A (en) | 1994-11-23 | 1997-06-10 | Xerox Corporation | System for controlling the distribution and use of composite digital works |
EP0715247A1 (en) | 1994-11-23 | 1996-06-05 | Xerox Corporation | System for controlling the distribution and use of digital works using digital tickets |
US5715403A (en) | 1994-11-23 | 1998-02-03 | Xerox Corporation | System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar |
US5629980A (en) | 1994-11-23 | 1997-05-13 | Xerox Corporation | System for controlling the distribution and use of digital works |
US5634012A (en) | 1994-11-23 | 1997-05-27 | Xerox Corporation | System for controlling the distribution and use of digital works having a fee reporting mechanism |
US20040103305A1 (en) | 1995-02-13 | 2004-05-27 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6640304B2 (en) | 1995-02-13 | 2003-10-28 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
WO1996027155A2 (en) | 1995-02-13 | 1996-09-06 | Electronic Publishing Resources, Inc. | Systems and methods for secure transaction management and electronic rights protection |
US6948070B1 (en) | 1995-02-13 | 2005-09-20 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US20050060584A1 (en) | 1995-02-13 | 2005-03-17 | Intertrust Technologies Corp. | Trusted infrastructure support systems, methods and techniques for secure electronic commerce, electronic transactions, commerce process control and automation, distributed computing, and rights management |
US20040133793A1 (en) | 1995-02-13 | 2004-07-08 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US20040123129A1 (en) | 1995-02-13 | 2004-06-24 | Intertrust Technologies Corp. | Trusted infrastructure support systems, methods and techniques for secure electronic commerce transaction and rights management |
US6237786B1 (en) | 1995-02-13 | 2001-05-29 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US20040054630A1 (en) | 1995-02-13 | 2004-03-18 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US6658568B1 (en) | 1995-02-13 | 2003-12-02 | Intertrust Technologies Corporation | Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management |
US5910987A (en) | 1995-02-13 | 1999-06-08 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US5915019A (en) | 1995-02-13 | 1999-06-22 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US5917912A (en) | 1995-02-13 | 1999-06-29 | Intertrust Technologies Corporation | System and methods for secure transaction management and electronic rights protection |
US6185683B1 (en) | 1995-02-13 | 2001-02-06 | Intertrust Technologies Corp. | Trusted and secure techniques, systems and methods for item delivery and execution |
US6253193B1 (en) | 1995-02-13 | 2001-06-26 | Intertrust Technologies Corporation | Systems and methods for the secure transaction management and electronic rights protection |
US20010042043A1 (en) | 1995-02-13 | 2001-11-15 | Intertrust Technologies Corp. | Cryptographic methods, apparatus and systems for storage media electronic rights management in closed and connected appliances |
US5949876A (en) | 1995-02-13 | 1999-09-07 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US20030105721A1 (en) | 1995-02-13 | 2003-06-05 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US5982891A (en) | 1995-02-13 | 1999-11-09 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US20020112171A1 (en) | 1995-02-13 | 2002-08-15 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6427140B1 (en) | 1995-02-13 | 2002-07-30 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6389402B1 (en) | 1995-02-13 | 2002-05-14 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US20020048369A1 (en) | 1995-02-13 | 2002-04-25 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6363488B1 (en) | 1995-02-13 | 2002-03-26 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US5530235A (en) | 1995-02-16 | 1996-06-25 | Xerox Corporation | Interactive contents revealing storage device |
US5534975A (en) | 1995-05-26 | 1996-07-09 | Xerox Corporation | Document processing system utilizing document service cards to provide document processing services |
WO1997043761A2 (en) | 1996-05-15 | 1997-11-20 | Intertrust Technologies Corp. | Cryptographic methods, apparatus and systems for storage media electronic rights management in closed and connected appliances |
US6618484B2 (en) | 1996-08-12 | 2003-09-09 | Intertrust Technologies Corporation | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
US6449367B2 (en) | 1996-08-12 | 2002-09-10 | Intertrust Technologies Corp. | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
US6240185B1 (en) | 1996-08-12 | 2001-05-29 | Intertrust Technologies Corporation | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
US6292569B1 (en) | 1996-08-12 | 2001-09-18 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
US20020023214A1 (en) | 1996-08-12 | 2002-02-21 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
US6157721A (en) | 1996-08-12 | 2000-12-05 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
US5943422A (en) | 1996-08-12 | 1999-08-24 | Intertrust Technologies Corp. | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
US20030041239A1 (en) | 1996-08-12 | 2003-02-27 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
WO1998009209A1 (en) | 1996-08-30 | 1998-03-05 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US5892900A (en) | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US20030163431A1 (en) | 1996-08-30 | 2003-08-28 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
WO1998010381A1 (en) | 1996-09-04 | 1998-03-12 | Intertrust Technologies Corp. | Trusted infrastructure support systems, methods and techniques for secure electronic commerce, electronic transactions, commerce process control and automation, distributed computing, and rights management |
US5835595A (en) * | 1996-09-04 | 1998-11-10 | At&T Corp | Method and apparatus for crytographically protecting data |
US6009176A (en) * | 1997-02-13 | 1999-12-28 | International Business Machines Corporation | How to sign digital streams |
US6138119A (en) | 1997-02-25 | 2000-10-24 | Intertrust Technologies Corp. | Techniques for defining, using and manipulating rights management data structures |
US5920861A (en) | 1997-02-25 | 1999-07-06 | Intertrust Technologies Corp. | Techniques for defining using and manipulating rights management data structures |
WO1998037481A1 (en) | 1997-02-25 | 1998-08-27 | Intertrust Technologies Corp. | Techniques for defining, using and manipulating rights management data structures |
US5999949A (en) | 1997-03-14 | 1999-12-07 | Crandall; Gary E. | Text file compression system utilizing word terminators |
WO1999001815A1 (en) | 1997-06-09 | 1999-01-14 | Intertrust, Incorporated | Obfuscation techniques for enhancing software security |
US6668325B1 (en) | 1997-06-09 | 2003-12-23 | Intertrust Technologies | Obfuscation techniques for enhancing software security |
US20030069749A1 (en) | 1997-11-06 | 2003-04-10 | Intertrust Technologies Corp. | Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
US20030069748A1 (en) | 1997-11-06 | 2003-04-10 | Intertrust Technologies Corp. | Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
US20030046244A1 (en) | 1997-11-06 | 2003-03-06 | Intertrust Technologies Corp. | Methods for matching, selecting, and/or classifying based on rights management and/or other information |
US6112181A (en) | 1997-11-06 | 2000-08-29 | Intertrust Technologies Corporation | Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
US6938021B2 (en) | 1997-11-06 | 2005-08-30 | Intertrust Technologies Corporation | Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
WO1999024928A2 (en) | 1997-11-06 | 1999-05-20 | Intertrust Technologies Corp. | Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
WO1999048296A1 (en) | 1998-03-16 | 1999-09-23 | Intertrust Technologies Corporation | Methods and apparatus for continuous control and protection of media content |
US20040107356A1 (en) | 1999-03-16 | 2004-06-03 | Intertrust Technologies Corp. | Methods and apparatus for persistent control and protection of content |
US20050050332A1 (en) | 1999-06-08 | 2005-03-03 | Intertrust Technologies Corporation | Methods and systems for encoding and protecting data using digital signature and watermarking techniques |
US6961854B2 (en) | 1999-06-08 | 2005-11-01 | Intertrust Technologies Corp. | Methods and systems for encoding and protecting data using digital signature and watermarking techniques |
WO2000075925A1 (en) | 1999-06-08 | 2000-12-14 | Intertrust Technologies Corp. | Method and systems for protecting data using digital signature and watermark |
US6785815B1 (en) | 1999-06-08 | 2004-08-31 | Intertrust Technologies Corp. | Methods and systems for encoding and protecting data using digital signature and watermarking techniques |
WO2001006374A2 (en) | 1999-07-16 | 2001-01-25 | Intertrust Technologies Corp. | System and method for securing an untrusted storage |
WO2001010076A2 (en) | 1999-07-29 | 2001-02-08 | Intertrust Technologies Corp. | Systems and methods for protecting secure and insecure computing environments using cryptography |
US6950867B1 (en) | 1999-07-30 | 2005-09-27 | Intertrust Technologies Corp. | System and method for managing transaction record delivery using an acknowledgement-monitoring process and a failure-recovery process with modifying the predefined fault condition |
WO2001009702A2 (en) | 1999-07-30 | 2001-02-08 | Intertrust Technologies Corp. | Methods and systems for transaction record delivery using thresholds and multi-stage protocol |
US6959384B1 (en) | 1999-12-14 | 2005-10-25 | Intertrust Technologies Corporation | Systems and methods for authenticating and protecting the integrity of data streams and other data |
US20050108555A1 (en) | 1999-12-22 | 2005-05-19 | Intertrust Technologies Corporation | Systems and methods for protecting data secrecy and integrity |
US20050060560A1 (en) | 1999-12-22 | 2005-03-17 | Intertrust Technologies Corporation | Systems and methods for protecting data secrecy and integrity |
US6832316B1 (en) | 1999-12-22 | 2004-12-14 | Intertrust Technologies, Corp. | Systems and methods for protecting data secrecy and integrity |
US20020087859A1 (en) | 2000-05-19 | 2002-07-04 | Weeks Stephen P. | Trust management systems and methods |
US20020152173A1 (en) | 2001-04-05 | 2002-10-17 | Rudd James M. | System and methods for managing the distribution of electronic content |
US20030084003A1 (en) | 2001-04-20 | 2003-05-01 | Intertrust Technologies Corporation | Systems and methods for conducting transactions and communications using a trusted third party |
US20030023856A1 (en) | 2001-06-13 | 2003-01-30 | Intertrust Technologies Corporation | Software self-checking systems and methods |
US20040059951A1 (en) | 2002-04-25 | 2004-03-25 | Intertrust Technologies Corporation | Secure authentication systems and methods |
US20040073813A1 (en) | 2002-04-25 | 2004-04-15 | Intertrust Technologies Corporation | Establishing a secure channel with a human user |
US20050027871A1 (en) | 2003-06-05 | 2005-02-03 | William Bradley | Interoperable systems and methods for peer-to-peer service orchestration |
Non-Patent Citations (22)
Title |
---|
Applied Cryptography, Schneier pp. 433, 434, 1996. * |
Final Office Action dated Dec. 4, 2006 issued in related application U.S. Appl. No. 11/112,520, filed Apr. 22, 2005, Serret-Avila. |
Gennaro, Rosario et al., How to Sign Digital Streams, Advances in Cryptology-CRYPTO '97 (Aug. 17-21, 1997), vol. 1294 of Lecture Notes, Springer-Verlag, 1998, pp. 180-197. |
Gennaro, Rosario et al., How to Sign Digital Streams, Advances in Cryptology—CRYPTO '97 (Aug. 17-21, 1997), vol. 1294 of Lecture Notes, Springer-Verlag, 1998, pp. 180-197. |
Haber, Stuart., et al., How to Time-Stamp a Digital Document, Advances in Cryptology Applications, Proceedings of the Twenty First Annual ACM Symposium on Theroy of Computing (May 15-17, 1989) ACM Press, 1989, pp. 33-43. |
Meners, Alfred J. et al., Chapter 9: Hash Functions and Data lntergrity, Handbook of Applied Cryptography, CRC Press, 1997, pp. 321-383. |
Menezs, Alfred J. et al., Chapter 11: Handbook of Applied Cryptography, CRC Press, 1997, pp. 425-488. |
Naro, Moni et al, Universal One-Way Hash Functions and their Cryptographic Applications, Proceedings of the Twenty First Annual ACM Symposium on Theory of Computing (May 15-17), ACM Press. |
Notice of Allowance dated Feb. 28, 2005, issued in related application U.S. Appl. No. 09/543,750, filed Apr. 5, 2000, Xavier Serret-Avila. |
Notice of Allowance dated Oct. 9, 2007 issued in related application U.S. Appl. No. 11/112,520, filed Apr. 22, 2005, Serret-Avila. |
Office Action dated Mar. 28, 2006, issued in related application U.S. Appl. No. 11/112,520, filed Apr. 22, 2005, Serret-Avila. |
Office Action dated May 12, 2004, issued in related application U.S. Appl. No. 09/543,750, filed Apr. 5, 2000, Xavier Serret-Avila. |
Office Action dated May 15, 2007 issued in related application U.S. Appl. No. 11/112,520, filed Apr. 22, 2005, Serret-Avila. |
Rohtagi, P., "A Compact and Fast Hybrid Signature Scheme for Multicase Packet Authentication", 6th ACM Conference on Computer and Communications Security, Nov. 1999, pp. 93-100. |
Schneier, Bruce, "Applied Cryptography second edition" 1996, ISBN 0-471-11709-9, pp. 433, 434. |
Sibert, Olin, et al. "Digibox: A Self-Protecting Container for Information Commerce," Proceedings of the First USENIX Workshop on Electronic Commerce, New York, NY, Jul. 1995, pp. 1-13. |
Sibert, Olin, et al., "Securing the Content, Not the Wire, for Information Commerce," InterTrust Technologies Corporation, 1996, 12 pages. |
Stefik, M., "Chapter 7, Classification," Introduction to Knowledge Systems, Morgan Kaufmann Publishers, Inc., 1995, pp. 543-607. |
Stefik, M., "Letting Loose the Light: Igniting Commerce in Electronic Publication," Internet Dreams: Archetypes, Myths, and Metaphors. Massachusetts Institute of Technology, 1996, pp. 219-53. |
Stefik, M., "Letting Loose the Light: Igniting Commerce in Electronic Publication," Xerox PARC, Palo Alto, CA, 1994-1995, 35 pages. |
Stefik, M., "Trusted Systems," Scientific American, Mar. 1997, pp. 78-81. |
Wong, C.K. et al., "Digital Signatures for Flows and Multicasts", Proceedings of IEEE ICNP 1998, 1998, 12 pages. |
Also Published As
Publication number | Publication date |
---|---|
US7340602B2 (en) | 2008-03-04 |
US20080222420A1 (en) | 2008-09-11 |
US6959384B1 (en) | 2005-10-25 |
US9401896B2 (en) | 2016-07-26 |
US20160292458A1 (en) | 2016-10-06 |
US20110126084A1 (en) | 2011-05-26 |
US20140289523A1 (en) | 2014-09-25 |
US20190042794A1 (en) | 2019-02-07 |
US10025953B2 (en) | 2018-07-17 |
US7882351B2 (en) | 2011-02-01 |
US20050235154A1 (en) | 2005-10-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10025953B2 (en) | Systems and methods for authenticating and protecting the integrity of data streams and other data | |
US7707429B2 (en) | System and method to proactively detect software tampering | |
WO2021012552A1 (en) | Login processing method and related device | |
US8935528B2 (en) | Techniques for ensuring authentication and integrity of communications | |
US11294989B2 (en) | Content usage monitor | |
US7596692B2 (en) | Cryptographic audit | |
US7484090B2 (en) | Encryption apparatus, decryption apparatus, secret key generation apparatus, and copyright protection system | |
KR100702499B1 (en) | System and method for guaranteeing software integrity | |
US6370250B1 (en) | Method of authentication and storage of private keys in a public key cryptography system (PKCS) | |
US20080044017A1 (en) | Copyright protection system, recording device, and reproduction device | |
US8938617B2 (en) | One way authentication | |
JP2004280284A (en) | Control processor, electronic equipment, and program starting method for electronic equipment, and system module updating method for electronic equipment | |
US7076062B1 (en) | Methods and arrangements for using a signature generating device for encryption-based authentication | |
US20070277037A1 (en) | Software component authentication via encrypted embedded self-signatures | |
KR100561497B1 (en) | Software secure authenticated channel | |
CN110837634B (en) | Electronic signature method based on hardware encryption machine | |
JPH1131105A (en) | Device and method for producing data capsule | |
CN110233729B (en) | Encrypted solid-state disk key management method based on PUF | |
US20050138378A1 (en) | Method and computer system operated software application for digital signature | |
CN115278310A (en) | Method for expanding source authorization information in AVS3 video | |
CN117689392A (en) | Block chain-based digital commodity transaction method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure |
Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551) Year of fee payment: 4 |
|
AS | Assignment |
Owner name: ORIGIN FUTURE ENERGY PTY LTD, CALIFORNIA Free format text: SECURITY INTEREST;ASSIGNOR:INTERTRUST TECHNOLOGIES CORPORATION;REEL/FRAME:052189/0343 Effective date: 20200313 |
|
FEPP | Fee payment procedure |
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
LAPS | Lapse for failure to pay maintenance fees |
Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STCH | Information on status: patent discontinuation |
Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
|
FP | Lapsed due to failure to pay maintenance fee |
Effective date: 20220624 |
|
AS | Assignment |
Owner name: INTERTRUST TECHNOLOGIES CORPORATION, CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:ORIGIN FUTURE ENERGY PTY LTD.;REEL/FRAME:062747/0742 Effective date: 20220908 |
|
AS | Assignment |
Owner name: PLS IV, LLC, NEW YORK Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERTRUST TECHNOLOGIES CORPORATION,;REEL/FRAME:066428/0412 Effective date: 20240125 |